From 0ac165e74837ab277937ca4585b72631fb25f51b Mon Sep 17 00:00:00 2001
From: facebook-github-bot <facebook-github-bot@users.noreply.github.com>
Date: Fri, 20 Oct 2023 09:36:04 +0000
Subject: [PATCH] =?UTF-8?q?Deploying=20to=20gh-pages=20from=20=20@=209c5ca?=
 =?UTF-8?q?e6ca6b764cee16b2da8b7c05ef29620c180=20=F0=9F=9A=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 404.html                                                    | 4 ++--
 _src/models.md                                              | 4 ++--
 assets/js/{d6ed0749.2129e329.js => d6ed0749.f1f4c22d.js}    | 2 +-
 .../{runtime~main.4240a0ef.js => runtime~main.12fefa2a.js}  | 2 +-
 blog/archive/index.html                                     | 4 ++--
 blog/index.html                                             | 4 ++--
 blog/tags/facebook/index.html                               | 4 ++--
 blog/tags/hello/index.html                                  | 4 ++--
 blog/tags/index.html                                        | 4 ++--
 blog/welcome/index.html                                     | 4 ++--
 docs/configuration/index.html                               | 4 ++--
 docs/contribution/index.html                                | 4 ++--
 docs/customize-sources-and-sinks/index.html                 | 4 ++--
 docs/debugging-fp-fns/index.html                            | 4 ++--
 docs/feature-descriptions/index.html                        | 4 ++--
 docs/getting-started/index.html                             | 4 ++--
 docs/known-false-negatives/index.html                       | 4 ++--
 docs/models/index.html                                      | 6 +++---
 docs/overview/index.html                                    | 4 ++--
 docs/rules/index.html                                       | 4 ++--
 docs/shims/index.html                                       | 4 ++--
 index.html                                                  | 4 ++--
 22 files changed, 43 insertions(+), 43 deletions(-)
 rename assets/js/{d6ed0749.2129e329.js => d6ed0749.f1f4c22d.js} (79%)
 rename assets/js/{runtime~main.4240a0ef.js => runtime~main.12fefa2a.js} (85%)

diff --git a/404.html b/404.html
index 635627a5..a38c3e21 100644
--- a/404.html
+++ b/404.html
@@ -5,14 +5,14 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Page Not Found | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/404.html"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docusaurus_tag" content="default"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docsearch:docusaurus_tag" content="default"><meta data-rh="true" property="og:title" content="Page Not Found | Mariana Trench"><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/404.html"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/404.html" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/404.html" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a class="navbar__item navbar__link" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0"><main class="container margin-vert--xl"><div class="row"><div class="col col--6 col--offset-3"><h1 class="hero__title">Page Not Found</h1><p>We could not find what you were looking for.</p><p>Please contact the owner of the site that linked you to the original URL and let them know their link is broken.</p></div></div></main></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/_src/models.md b/_src/models.md
index bbcf62d4..9f1b58ce 100644
--- a/_src/models.md
+++ b/_src/models.md
@@ -960,7 +960,7 @@ Each "rule" defines a "filter" (which uses "constraints" to specify methods for
 
     - `signature_match`: Expects at least one of the two allowed groups of extra properties: `[name | names] [parent | parents | extends [include_self]]` where:
       - `name` (a single string) or `names` (a list of alternative strings): is exact matched to the method name
-      - `parent` (a single string) or `parents` (a list of alternative strings) is exact matched to the class of the method or `extends` (either a single string or a list of alternative strings) is exact matched to the base classes or interfaces of the method. `extends` allows an additional property `includes_self` which is a boolean to indicate if the constraint is applied to the class itself or not.
+      - `parent` (a single string) or `parents` (a list of alternative strings) is exact matched to the class of the method or `extends` (either a single string or a list of alternative strings) is exact matched to the base classes or interfaces of the method. `extends` allows an optional property `include_self` which is a boolean to indicate if the constraint is applied to the class itself or not (defaults to `true`).
     - `signature | signature_pattern`: Expects an extra property `pattern` which is a regex to fully match the full signature (class, method, argument types) of a method;
       - **NOTE:** Usage of this constraint is discouraged as it has poor performance. Try using `signature_match` instead!
     - `parent`: Expects an extra property `inner` [Type] which contains a nested constraint to apply to the class holding the method;
@@ -977,7 +977,7 @@ Each "rule" defines a "filter" (which uses "constraints" to specify methods for
 
   - **Type:**
 
-    - `extends`: Expects an extra property `inner` [Type] which contains a nested constraint that must apply to one of the base classes or itself. The optional property `includes_self` is a boolean that tells whether the constraint must be applied on the type itself or not;
+    - `extends`: Expects an extra property `inner` [Type] which contains a nested constraint that must apply to one of the base classes or itself. The optional property `include_self` is a boolean that tells whether the constraint must be applied on the type itself or not (defaults to `true`);
     - `super`: Expects an extra property `inner` [Type] which contains a nested constraint that must apply on the direct superclass;
     - `is_class | is_interface`: Accepts an extra property `value` which is either `true` or `false`. By default, `value` is considered `true`;
 
diff --git a/assets/js/d6ed0749.2129e329.js b/assets/js/d6ed0749.f1f4c22d.js
similarity index 79%
rename from assets/js/d6ed0749.2129e329.js
rename to assets/js/d6ed0749.f1f4c22d.js
index 6f1a0254..4a575252 100644
--- a/assets/js/d6ed0749.2129e329.js
+++ b/assets/js/d6ed0749.f1f4c22d.js
@@ -1 +1 @@
-"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[133],{3905:(e,n,a)=>{a.r(n),a.d(n,{MDXContext:()=>d,MDXProvider:()=>u,mdx:()=>x,useMDXComponents:()=>p,withMDXComponents:()=>m});var t=a(67294);function i(e,n,a){return n in e?Object.defineProperty(e,n,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[n]=a,e}function r(){return r=Object.assign||function(e){for(var n=1;n<arguments.length;n++){var a=arguments[n];for(var t in a)Object.prototype.hasOwnProperty.call(a,t)&&(e[t]=a[t])}return e},r.apply(this,arguments)}function o(e,n){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var t=Object.getOwnPropertySymbols(e);n&&(t=t.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),a.push.apply(a,t)}return a}function l(e){for(var n=1;n<arguments.length;n++){var a=null!=arguments[n]?arguments[n]:{};n%2?o(Object(a),!0).forEach((function(n){i(e,n,a[n])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(a)):o(Object(a)).forEach((function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(a,n))}))}return e}function s(e,n){if(null==e)return{};var a,t,i=function(e,n){if(null==e)return{};var a,t,i={},r=Object.keys(e);for(t=0;t<r.length;t++)a=r[t],n.indexOf(a)>=0||(i[a]=e[a]);return i}(e,n);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(t=0;t<r.length;t++)a=r[t],n.indexOf(a)>=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(i[a]=e[a])}return i}var d=t.createContext({}),m=function(e){return function(n){var a=p(n.components);return t.createElement(e,r({},n,{components:a}))}},p=function(e){var n=t.useContext(d),a=n;return e&&(a="function"==typeof e?e(n):l(l({},n),e)),a},u=function(e){var n=p(e.components);return t.createElement(d.Provider,{value:n},e.children)},c={inlineCode:"code",wrapper:function(e){var n=e.children;return t.createElement(t.Fragment,{},n)}},h=t.forwardRef((function(e,n){var a=e.components,i=e.mdxType,r=e.originalType,o=e.parentName,d=s(e,["components","mdxType","originalType","parentName"]),m=p(a),u=i,h=m["".concat(o,".").concat(u)]||m[u]||c[u]||r;return a?t.createElement(h,l(l({ref:n},d),{},{components:a})):t.createElement(h,l({ref:n},d))}));function x(e,n){var a=arguments,i=n&&n.mdxType;if("string"==typeof e||i){var r=a.length,o=new Array(r);o[0]=h;var l={};for(var s in n)hasOwnProperty.call(n,s)&&(l[s]=n[s]);l.originalType=e,l.mdxType="string"==typeof e?e:i,o[1]=l;for(var d=2;d<r;d++)o[d]=a[d];return t.createElement.apply(null,o)}return t.createElement.apply(null,a)}h.displayName="MDXCreateElement"},31797:(e,n,a)=>{a.r(n),a.d(n,{assets:()=>s,contentTitle:()=>o,default:()=>c,frontMatter:()=>r,metadata:()=>l,toc:()=>d});var t=a(87462),i=(a(67294),a(3905));const r={id:"models",title:"Models & Model Generators",sidebar_label:"Models & Model Generators"},o=void 0,l={unversionedId:"models",id:"models",title:"Models & Model Generators",description:"The main way to configure the analysis is through defining model generators. Each model generator defines (1) a filter, made up of constraints to specify the methods (or fields) for which a model should be generated, and (2) a model, an abstract representation of how data flows through a method.",source:"@site/documentation/models.md",sourceDirName:".",slug:"/models",permalink:"/docs/models",draft:!1,editUrl:"https://github.com/facebook/mariana-trench/tree/main/documentation/website/documentation/models.md",tags:[],version:"current",frontMatter:{id:"models",title:"Models & Model Generators",sidebar_label:"Models & Model Generators"},sidebar:"docs",previous:{title:"Rules",permalink:"/docs/rules"},next:{title:"Shims",permalink:"/docs/shims"}},s={},d=[{value:"Models",id:"models",level:2},{value:"Method name format",id:"method-name-format",level:3},{value:"Access path format",id:"access-path-format",level:3},{value:"Kinds",id:"kinds",level:3},{value:"Sources",id:"sources",level:3},{value:"Sinks",id:"sinks",level:3},{value:"Return Sinks",id:"return-sinks",level:3},{value:"Propagation",id:"propagation",level:3},{value:"Features",id:"features",level:3},{value:"Attach to Sources",id:"attach-to-sources",level:4},{value:"Attach to Sinks",id:"attach-to-sinks",level:4},{value:"Attach to Propagations",id:"attach-to-propagations",level:4},{value:"Add Features to Arguments",id:"add-features-to-arguments",level:4},{value:"Via-type Features",id:"via-type-features",level:4},{value:"Via-value Features",id:"via-value-features",level:4},{value:"Taint Broadening",id:"taint-broadening",level:3},{value:"Propagation Broadening",id:"propagation-broadening",level:4},{value:"Issue Broadening Feature",id:"issue-broadening-feature",level:5},{value:"Widen Broadening Feature",id:"widen-broadening-feature",level:5},{value:"Sanitizers",id:"sanitizers",level:3},{value:"Kind-specific Sanitizers",id:"kind-specific-sanitizers",level:4},{value:"Port-specific Sanitizers",id:"port-specific-sanitizers",level:4},{value:"Modes",id:"modes",level:3},{value:"Default model",id:"default-model",level:3},{value:"Field Models",id:"field-models",level:3},{value:"Literal Models",id:"literal-models",level:3},{value:"Model Generators",id:"model-generators",level:2},{value:"Example",id:"example",level:3},{value:"Specification",id:"specification",level:3},{value:"Development",id:"development",level:3},{value:"When Sources or Sinks don&#39;t appear in Results",id:"when-sources-or-sinks-dont-appear-in-results",level:4}],m=(p="FbModels",function(e){return console.warn("Component "+p+" was not imported, exported, or provided by MDXProvider as global scope"),(0,i.mdx)("div",e)});var p;const u={toc:d};function c(e){let{components:n,...a}=e;return(0,i.mdx)("wrapper",(0,t.Z)({},u,a,{components:n,mdxType:"MDXLayout"}),(0,i.mdx)("p",null,"The main way to configure the analysis is through defining model generators. Each model generator defines (1) a ",(0,i.mdx)("strong",{parentName:"p"},"filter"),", made up of constraints to specify the methods (or fields) for which a model should be generated, and (2) a ",(0,i.mdx)("strong",{parentName:"p"},"model"),", an abstract representation of how data flows through a method."),(0,i.mdx)("p",null,"Model generators are what define Sink and Source kinds which are the key component of ",(0,i.mdx)("a",{parentName:"p",href:"/docs/rules"},"Rules"),". Model generators can do other things too, like attach ",(0,i.mdx)("strong",{parentName:"p"},"features")," (a.k.a. breadcrumbs) to flows and ",(0,i.mdx)("strong",{parentName:"p"},"sanitize"),' (redact) flows which go through certain "data-safe" methods (e.g. a method which hashes a user\'s password).'),(0,i.mdx)("p",null,"Filters are conceptually straightforward. Thus, this page focuses heavily on conceptualizing and providing examples for the various types of models. See the ",(0,i.mdx)("a",{parentName:"p",href:"#model-generators"},"Model Generators")," section for full implementation documentation for both filters and models."),(0,i.mdx)("h2",{id:"models"},"Models"),(0,i.mdx)("p",null,"A model is an abstract representation of how data flows through a method."),(0,i.mdx)("p",null,"A model essentialy consists of:"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#sources"},"Sources"),": a set of sources that the method produces or receives on parameters;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#sinks"},"Sinks"),": a set of sinks on the method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#propagation"},"Propagation"),": a description of how the method propagates taint coming into it (e.g, the first parameter updates the second, the second parameter updates the return value, etc.);"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#attach-to-sources"},"Attach to Sources"),": a set of features/breadcrumbs to add on an any sources flowing out of the method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#attach-to-sinks"},"Attach to Sinks"),": a set of features/breadcrumbs to add on sinks of a given parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#attach-to-propagations"},"Attach to Propagations"),": a set of features/breadcrumbs to add on propagations for a given parameter or return value;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#add-features-to-arguments"},"Add Features to Arguments"),": a set of features/breadcrumbs to add on any taint that might flow in a given parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#sanitizers"},"Sanitizers"),": specifications of taint flows to stop;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#modes"},"Modes"),": a set of flags describing specific behaviors (see below).")),(0,i.mdx)("p",null,"Models can be specified in JSON. For example to mark the string parameter to our ",(0,i.mdx)("inlineCode",{parentName:"p"},"Logger.log")," function as a sink we can specify it as"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Logger;",\n      "name": "log"\n    }\n  ],\n  "model": {\n    "sinks": [\n      {\n        "kind": "Logging",\n        "port": "Argument(1)"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Note that the naming of methods follow the ",(0,i.mdx)("a",{parentName:"p",href:"#method-name-format"},"Dalvik's bytecode format"),"."),(0,i.mdx)("h3",{id:"method-name-format"},"Method name format"),(0,i.mdx)("p",null,"The format used for method names is:"),(0,i.mdx)("p",null,(0,i.mdx)("inlineCode",{parentName:"p"},"<className>.<methodName>:(<parameterType1><parameterType2>)<returnType>")),(0,i.mdx)("p",null,"Example: ",(0,i.mdx)("inlineCode",{parentName:"p"},"Landroidx/fragment/app/Fragment;.startActivity:(Landroid/content/Intent;)V")),(0,i.mdx)("p",null,"For the parameters and return types use the following table to pick the correct one (please refer to ",(0,i.mdx)("a",{parentName:"p",href:"https://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html#jvms-4.3.2-200"},"JVM doc")," for more details)"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},"V - void"),(0,i.mdx)("li",{parentName:"ul"},"Z - boolean"),(0,i.mdx)("li",{parentName:"ul"},"B - byte"),(0,i.mdx)("li",{parentName:"ul"},"S - short"),(0,i.mdx)("li",{parentName:"ul"},"C - char"),(0,i.mdx)("li",{parentName:"ul"},"I - int"),(0,i.mdx)("li",{parentName:"ul"},"J - long (64 bits)"),(0,i.mdx)("li",{parentName:"ul"},"F - float"),(0,i.mdx)("li",{parentName:"ul"},"D - double (64 bits)")),(0,i.mdx)("p",null,"Classes take the form ",(0,i.mdx)("inlineCode",{parentName:"p"},"Lpackage/name/ClassName;")," - where the leading ",(0,i.mdx)("inlineCode",{parentName:"p"},"L")," indicates that it is a class type, ",(0,i.mdx)("inlineCode",{parentName:"p"},"package/name/")," is the package that the class is in. A nested class will take the form ",(0,i.mdx)("inlineCode",{parentName:"p"},"Lpackage/name/ClassName$NestedClassName")," (the ",(0,i.mdx)("inlineCode",{parentName:"p"},"$")," will need to be double escaped ",(0,i.mdx)("inlineCode",{parentName:"p"},"\\\\$")," in json regex)."),(0,i.mdx)("blockquote",null,(0,i.mdx)("p",{parentName:"blockquote"},(0,i.mdx)("strong",{parentName:"p"},"NOTE:")," Instance (i.e, non-static) method parameters are indexed starting from 1! The 0th parameter is the ",(0,i.mdx)("inlineCode",{parentName:"p"},"this")," parameter in dalvik byte-code. For static method parameter, indices start from 0.")),(0,i.mdx)("h3",{id:"access-path-format"},"Access path format"),(0,i.mdx)("p",null,'An access path describes the symbolic location of a taint. This is commonly used to indicate where a source or a sink originates from. The "port" field of any model is represented by an access path.'),(0,i.mdx)("p",null,"An access path is composed of a root and a path."),(0,i.mdx)("p",null,"The root is either:"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Return"),", representing the returned value;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Argument(x)")," (where ",(0,i.mdx)("inlineCode",{parentName:"li"},"x")," is an integer), representing the parameter number ",(0,i.mdx)("inlineCode",{parentName:"li"},"x"),";")),(0,i.mdx)("p",null,"The path is a (possibly empty) list of path elements. A path element can be any of the following kinds:"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"field"),": represents a field name. String encoding is a dot followed by the field name: ",(0,i.mdx)("inlineCode",{parentName:"li"},".field_name"),";"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"index"),": represents a user defined index for dictionary like objects. String encoding uses square braces to enclose any user defined index: ",(0,i.mdx)("inlineCode",{parentName:"li"},"[index_name]"),";"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"any index"),": represents any or unresolved indices in dictionary like objects. String encoding is an asterisk enclosed in square braces: ",(0,i.mdx)("inlineCode",{parentName:"li"},"[*]"),";"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"index from value of"),": captures the value of the specified callable's port seen at its callsites during taint flow analysis as an ",(0,i.mdx)("inlineCode",{parentName:"li"},"index")," or ",(0,i.mdx)("inlineCode",{parentName:"li"},"any index")," (if the value cannot be resolved). String encoding uses ",(0,i.mdx)("em",{parentName:"li"},"argument root")," to specify the callable's port and encloses it in ",(0,i.mdx)("inlineCode",{parentName:"li"},"[<"),"...",(0,i.mdx)("inlineCode",{parentName:"li"},">]")," to represent that its value is resolved at the callsite to create an index: ",(0,i.mdx)("inlineCode",{parentName:"li"},"[<Argument(x)>]"),";")),(0,i.mdx)("p",null,"Examples:"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Argument(1).name")," corresponds to the ",(0,i.mdx)("em",{parentName:"li"},"field")," ",(0,i.mdx)("inlineCode",{parentName:"li"},"name")," of the second parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Argument(1)[name]")," corresponds to the ",(0,i.mdx)("em",{parentName:"li"},"index")," ",(0,i.mdx)("inlineCode",{parentName:"li"},"name")," of the dictionary like second parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Argument(1)[*]")," corresponds to ",(0,i.mdx)("em",{parentName:"li"},"any index")," of the dictionary like second parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Argument(1)[<Argument(2)>]")," corresponds to an ",(0,i.mdx)("em",{parentName:"li"},"index")," of the dictionary like second parameter whose value is resolved from the third parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Return")," corresponds to the returned value;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Return.x")," correpsonds to the field ",(0,i.mdx)("inlineCode",{parentName:"li"},"x")," of the returned value;")),(0,i.mdx)("h3",{id:"kinds"},"Kinds"),(0,i.mdx)("p",null,"A source has a ",(0,i.mdx)("strong",{parentName:"p"},"kind")," that describes its content (e.g, user input, file system, etc). A sink also has a ",(0,i.mdx)("strong",{parentName:"p"},"kind")," that describes the operation the method performs (e.g, execute a command, read a file, etc.). Kinds can be arbitrary strings (e.g, ",(0,i.mdx)("inlineCode",{parentName:"p"},"UserInput"),"). We usually avoid whitespaces."),(0,i.mdx)("h3",{id:"sources"},"Sources"),(0,i.mdx)("p",null,"Sources describe sources produced or received by a given method. A source can either flow out via the return value or flow via a given parameter. A source has a ",(0,i.mdx)("strong",{parentName:"p"},"kind")," that describes its content (e.g, user input, file system, etc)."),(0,i.mdx)("p",null,"Here is an example where the source flows by return value:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},'public static String getPath() {\n    return System.getenv().get("PATH");\n}\n')),(0,i.mdx)("p",null,"The JSON model generator for this method could be:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class;",\n      "name": "getPath"\n    }\n  ],\n  "model": {\n    "sources": [\n      {\n        "kind": "UserControlled",\n        "port": "Return"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Here is an example where the source flows in via an argument:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"class MyActivity extends Activity {\n  public void onNewIntent(Intent intent) {\n    // intent should be considered a source here.\n  }\n}\n")),(0,i.mdx)("p",null,"The JSON model generator for this method could be:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "extends": "Landroid/app/Activity",\n      "name": "onNewIntent"\n    }\n  ],\n  "model": {\n    "sources": [\n      {\n        "kind": "UserControlled",\n        "port": "Argument(1)"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Note that the implicit ",(0,i.mdx)("inlineCode",{parentName:"p"},"this")," parameter is considered the argument 0."),(0,i.mdx)("h3",{id:"sinks"},"Sinks"),(0,i.mdx)("p",null,"Sinks describe dangerous or sensitive methods in the code. A sink has a ",(0,i.mdx)("strong",{parentName:"p"},"kind")," that represents the type of operation the method does (e.g, command execution, file system operation, etc). A sink must be attached to a given parameter of the method. A method can have multiple sinks."),(0,i.mdx)("p",null,"Here is an example of a sink:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public static String readFile(String path, String extension, int mode) {\n    // Return the content of the file path.extension\n}\n")),(0,i.mdx)("p",null,"Since ",(0,i.mdx)("inlineCode",{parentName:"p"},"path")," and ",(0,i.mdx)("inlineCode",{parentName:"p"},"extension")," can be used to read arbitrary files, we consider them sinks. We do not consider ",(0,i.mdx)("inlineCode",{parentName:"p"},"mode")," as a sink since we do not care whether the user can control it. The JSON model generator for this method could be:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class",\n      "name": "readFile"\n    }\n  ],\n  "model": {\n    "sinks": [\n      {\n        "kind": "FileRead",\n        "port": "Argument(0)"\n      },\n      {\n        "kind": "FileRead",\n        "port": "Argument(1)"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("h3",{id:"return-sinks"},"Return Sinks"),(0,i.mdx)("p",null,"Return sinks can be used to describe that a method should not return tainted information. A return sink is just a normal sink with a ",(0,i.mdx)("inlineCode",{parentName:"p"},"Return")," port."),(0,i.mdx)("h3",{id:"propagation"},"Propagation"),(0,i.mdx)("p",null,"Propagations \u2212 also called ",(0,i.mdx)("strong",{parentName:"p"},"tito")," (Taint In Taint Out) or ",(0,i.mdx)("strong",{parentName:"p"},"passthrough")," in other tools \u2212 describe how the method propagates taint. A propagation as an ",(0,i.mdx)("strong",{parentName:"p"},"input")," (where the taint comes from) and an ",(0,i.mdx)("strong",{parentName:"p"},"output")," (where the taint is moved to)."),(0,i.mdx)("p",null,"Here is an example of a propagation:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public static String concat(String x, String y) {\n  return x + y;\n}\n")),(0,i.mdx)("p",null,"The return value of the method can be controlled by both parameters, hence it has the propagations ",(0,i.mdx)("inlineCode",{parentName:"p"},"Argument(0) -> Return")," and ",(0,i.mdx)("inlineCode",{parentName:"p"},"Argument(1) -> Return"),". The JSON model generator for this method could be:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class",\n      "name": "concat"\n    }\n  ],\n  "model": {\n    "propagation": [\n      {\n        "input": "Argument(0)",\n        "output": "Return"\n      },\n      {\n        "input": "Argument(1)",\n        "output": "Return"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("h3",{id:"features"},"Features"),(0,i.mdx)("p",null,"Features (also called ",(0,i.mdx)("strong",{parentName:"p"},"breadcrumbs"),") can be used to tag a flow and help filtering issues. A feature describes a property of a flow. A feature can be any arbitrary string."),(0,i.mdx)("p",null,"For instance, the feature ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-numerical-operator")," is used to describe that the data flows through a numerical operator such as an addition."),(0,i.mdx)("p",null,"Features are very useful to filter flows in the SAPP UI. E.g. flows with a cast from string to integer are can sometimes be less important during triaging since controlling an integer is more difficult to exploit than controlling a full string."),(0,i.mdx)("p",null,"Note that features ",(0,i.mdx)("strong",{parentName:"p"},"do not stop")," the flow, they just help triaging."),(0,i.mdx)("h4",{id:"attach-to-sources"},"Attach to Sources"),(0,i.mdx)("p",null,(0,i.mdx)("em",{parentName:"p"},"Attach to sources")," is used to add a set of ",(0,i.mdx)("a",{parentName:"p",href:"#features"},"features")," on any sources flowing out of a method through a given parameter or return value."),(0,i.mdx)("p",null,"For instance, if we want to add the feature ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-signed")," to all sources flowing out of the given method:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public String getSignedCookie();\n")),(0,i.mdx)("p",null,"We could use the following JSON model generator:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class",\n      "name": "getSignedCookie"\n    }\n  ],\n  "model": {\n    "attach_to_sources": [\n      {\n        "features": [\n          "via-signed"\n        ],\n        "port": "Return"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Note that this is only useful for sources inferred by the analysis. If you know that ",(0,i.mdx)("inlineCode",{parentName:"p"},"getSignedCookie")," returns a source of a given kind, you should use a source instead."),(0,i.mdx)("h4",{id:"attach-to-sinks"},"Attach to Sinks"),(0,i.mdx)("p",null,(0,i.mdx)("em",{parentName:"p"},"Attach to sinks")," is used to add a set of ",(0,i.mdx)("a",{parentName:"p",href:"#features"},"features")," on all sinks on the given parameter of a method."),(0,i.mdx)("p",null,"For instance, if we want to add the feature ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-user")," on all sinks of the given method:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"class User {\n  public static User findUser(String username) {\n    // The code here might use SQL, Thrift, or anything. We don't need to know.\n  }\n}\n")),(0,i.mdx)("p",null,"We could use the following JSON model generator:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/User",\n      "name": "findUser"\n    }\n  ],\n  "model": {\n    "attach_to_sinks": [\n      {\n        "features": [\n          "via-user"\n        ],\n        "port": "Argument(0)"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Note that this is only useful for sinks inferred by the analysis. If you know that ",(0,i.mdx)("inlineCode",{parentName:"p"},"findUser")," is a sink of a given kind, you should use a sink instead."),(0,i.mdx)("h4",{id:"attach-to-propagations"},"Attach to Propagations"),(0,i.mdx)("p",null,(0,i.mdx)("em",{parentName:"p"},"Attach to propagations")," is used to add a set of ",(0,i.mdx)("a",{parentName:"p",href:"#features"},"features")," on all propagations from or to a given parameter or return value of a method."),(0,i.mdx)("p",null,"For instance, if we want to add the feature ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-concat")," to the propagations of the given method:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public static String concat(String x, String y);\n")),(0,i.mdx)("p",null,"We could use the following JSON model generator:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class",\n      "name": "concat"\n    }\n  ],\n  "model": {\n    "attach_to_propagations": [\n      {\n        "features": [\n          "via-concat"\n        ],\n        "port": "Return" // We could also use Argument(0) and Argument(1)\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Note that this is only useful for propagations inferred by the analysis. If you know that ",(0,i.mdx)("inlineCode",{parentName:"p"},"concat")," has a propagation, you should model it as a propagation directly."),(0,i.mdx)("h4",{id:"add-features-to-arguments"},"Add Features to Arguments"),(0,i.mdx)("p",null,(0,i.mdx)("em",{parentName:"p"},"Add features to arguments")," is used to add a set of ",(0,i.mdx)("a",{parentName:"p",href:"#features"},"features")," on all sources that ",(0,i.mdx)("strong",{parentName:"p"},"might")," flow on a given parameter of a method."),(0,i.mdx)("p",null,(0,i.mdx)("em",{parentName:"p"},"Add features to arguments")," implies ",(0,i.mdx)("em",{parentName:"p"},"Attach to sources"),", ",(0,i.mdx)("em",{parentName:"p"},"Attach to sinks")," and ",(0,i.mdx)("em",{parentName:"p"},"Attach to propagations"),", but it also accounts for possible side effects at call sites."),(0,i.mdx)("p",null,"For instance:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},'public static void log(String message) {\n  System.out.println(message);\n}\npublic void buyView() {\n  String username = getParameter("username");\n  String product = getParameter("product");\n  log(username);\n  buy(username, product);\n}\n')),(0,i.mdx)("p",null,"Technically, the ",(0,i.mdx)("inlineCode",{parentName:"p"},"log")," method doesn't have any source, sink or propagation. We can use ",(0,i.mdx)("em",{parentName:"p"},"add features to arguments")," to add a feature ",(0,i.mdx)("inlineCode",{parentName:"p"},"was-logged")," on the flow from ",(0,i.mdx)("inlineCode",{parentName:"p"},'getParameter("username")')," to ",(0,i.mdx)("inlineCode",{parentName:"p"},"buy(username, product)"),". We could use the following JSON model generator for the ",(0,i.mdx)("inlineCode",{parentName:"p"},"log")," method:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class",\n      "name": "log"\n    }\n  ],\n  "model": {\n    "add_features_to_arguments": [\n      {\n        "features": [\n          "was-logged"\n        ],\n        "port": "Argument(0)"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("h4",{id:"via-type-features"},"Via-type Features"),(0,i.mdx)("p",null,(0,i.mdx)("em",{parentName:"p"},"Via-type")," features are used to keep track of the type of a callable\u2019s port seen at its callsites during taint flow analysis. They are specified in model generators within the \u201csources\u201d or \u201csinks\u201d field of a model with the \u201cvia_type_of\u201d field. It is mapped to a nonempty list of ports of the method for which we want to create via-type features."),(0,i.mdx)("p",null,"For example, if we were interested in the specific Activity subclasses with which the method below was called:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"\npublic void startActivityForResult(Intent intent, int requestCode);\n\n// At some callsite:\nActivitySubclass activitySubclassInstance;\nactivitySubclassInstance.startActivityForResult(intent, requestCode);\n\n")),(0,i.mdx)("p",null,"we could use the following JSON to specifiy a via-type feature that would materialize as ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-type:ActivitySubclass"),":"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class",\n      "name": "startActivityForResult"\n    }\n  ],\n  "model": {\n    "sinks": [\n      {\n        "port": "Argument(1)",\n        "kind": "SinkKind",\n        "via_type_of": [\n          "Argument(0)"\n        ]\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("h4",{id:"via-value-features"},"Via-value Features"),(0,i.mdx)("p",null,(0,i.mdx)("em",{parentName:"p"},"Via-value")," feature captures the value of the specified callable's port seen at its callsites during taint flow analysis. They are specified similar to ",(0,i.mdx)("inlineCode",{parentName:"p"},"Via-type"),' features -- in model generators within the "sources" or "sinks" field of a model with the "via_value_of" field. It is mapped to a nonempty list of ports of the method for which we want to create via-value features.'),(0,i.mdx)("p",null,"For example, if we were interested in the specific ",(0,i.mdx)("inlineCode",{parentName:"p"},"mode")," with which the method below was called:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},'public void log(String mode, String message);\n\nclass Constants {\n  public static final String MODE = "M1";\n}\n\n// At some callsite:\nlog(Constants.MODE, "error message");\n\n')),(0,i.mdx)("p",null,"we could use the following JSON to specifiy a via-value feature that would materialize as ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-value:M1"),":"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class",\n      "name": "log"\n    }\n  ],\n  "model": {\n    "sinks": [\n      {\n        "port": "Argument(1)",\n        "kind": "SinkKind",\n        "via_value_of": [\n          "Argument(0)"\n        ]\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Note that this only works for numeric and string literals. In cases where the argument is not a constant, the feature will appear as ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-value:unknown"),"."),(0,i.mdx)("h3",{id:"taint-broadening"},"Taint Broadening"),(0,i.mdx)("p",null,(0,i.mdx)("strong",{parentName:"p"},"Taint broadening")," (also called ",(0,i.mdx)("strong",{parentName:"p"},"collapsing"),") happens when Mariana Trench needs to make an approximation about a taint flow. It is the operation of reducing a ",(0,i.mdx)("strong",{parentName:"p"},"taint tree")," into a single element. A ",(0,i.mdx)("strong",{parentName:"p"},"taint tree")," is a tree where edges are field names and nodes are taint element. This is how Mariana Trench represents internally which fields (or sequence of fields) are tainted."),(0,i.mdx)("p",null,"For instance, analyzing the following code:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"MyClass var = new MyClass();\nvar.a = sourceX();\nvar.b.c = sourceY();\nvar.b.d = sourceZ();\n")),(0,i.mdx)("p",null,"The taint tree of variable ",(0,i.mdx)("inlineCode",{parentName:"p"},"var")," would be:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre"},"      .\n  a /   \\ b\n { X }    .\n       c / \\ d\n     { Y }  { Z }\n")),(0,i.mdx)("p",null,"After collapsing, the tree is reduced to a single node ",(0,i.mdx)("inlineCode",{parentName:"p"},"{ X, Y, Z }"),", which is less precise."),(0,i.mdx)("p",null,"In conclusion, taint broadening effectively leads to considering the whole object as tainted while only some specific fields were initially tainted. This might happen for the correctness of the analysis or for performance reasons."),(0,i.mdx)("p",null,"In the following sections, we will discuss when collapsing can happen. In most cases, a feature is automatically added on collapsed taint to help detect false positives."),(0,i.mdx)("h4",{id:"propagation-broadening"},"Propagation Broadening"),(0,i.mdx)("p",null,"Taint collapsing is applied when taint is propagated through a method."),(0,i.mdx)("p",null,"For instance:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"MyClass input = new MyClass();\ninput.a = SourceX();\nMyClass output = SomeClass.UnknownMethod(input);\nSink(output.b); // Considered an issue since `output` is considered tainted. This could be a False Negative without collapsing.\n")),(0,i.mdx)("p",null,"In that case, the ",(0,i.mdx)("a",{parentName:"p",href:"#feature"},"feature")," ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-propagation-broadening")," will be automatically added on the taint. This can help identify false positives."),(0,i.mdx)("p",null,"If you know that this method ",(0,i.mdx)("strong",{parentName:"p"},"preserves the structure")," of the parameter, you could specify a model and disable collapsing using the ",(0,i.mdx)("inlineCode",{parentName:"p"},"collapse")," attribute within a ",(0,i.mdx)("a",{parentName:"p",href:"#propagation"},(0,i.mdx)("inlineCode",{parentName:"a"},"propagation")),":"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/SomeClass",\n      "name": "UnknownMethod"\n    }\n  ],\n  "model": {\n    "propagation": [\n      {\n        "input": "Argument(0)",\n        "output": "Return",\n        "collapse": false\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Note that Mariana Trench can usually infer when a method propagates taint without collapsing it when it has access to the code of that method and subsequent calls. For instance:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public String identity(String x) {\n  // Automatically infers a propagation `Arg(0) -> Return` with `collapse=false`\n  return x;\n}\n")),(0,i.mdx)("h5",{id:"issue-broadening-feature"},"Issue Broadening Feature"),(0,i.mdx)("p",null,"The ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-issue-broadening")," feature is added to issues where the taint flowing into the sink was not held directly on the object passed in but on one of its fields. For example:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"Class input = new Class();\ninput.field = source();\nsink(input); // `input` is not tainted, but `input.field` is tainted and creates an issue\n")),(0,i.mdx)("h5",{id:"widen-broadening-feature"},"Widen Broadening Feature"),(0,i.mdx)("p",null,"For performance reasons, if a given taint tree becomes very large (either in depth or in number of nodes at a given level), Mariana Trench collapses the tree to a smaller size. In these cases, the ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-widen-broadening")," feature is added to the collapsed taint"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"Class input = new Class();\nif (\\* condition *\\) {\n  input.field1 = source();\n  input.field2 = source();\n  ...\n} else {\n  input.fieldA = source();\n  input.fieldB = source();\n  ...\n}\nsink(input); // Too many fields are sources so the whole input object becomes tainted\n")),(0,i.mdx)("h3",{id:"sanitizers"},"Sanitizers"),(0,i.mdx)("p",null,"Specifying sanitizers on a model allow us to stop taint flowing through that method. In Mariana Trench, they can be one of three types -"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sources"),": prevent any taint sources from flowing out of the method"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sinks"),": prevent taint from reaching any sinks within the method"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"propagations"),": prevent propagations from being inferred between any two ports of the method.")),(0,i.mdx)("p",null,"These can be specified in model generators as follows -"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": ...,\n  "model": {\n    "sanitizers": [\n      {\n        "sanitize": "sources"\n      },\n      {\n        "sanitize": "sinks"\n      },\n      {\n        "sanitize": "propagations"\n      }\n    ],\n    ...\n  }\n}\n')),(0,i.mdx)("p",null,"Note, if there are any user-specificed sources, sinks or propagations on the model, sanitizers will not affect them, but it will prevent them from being propagated outward to callsites."),(0,i.mdx)("h4",{id:"kind-specific-sanitizers"},"Kind-specific Sanitizers"),(0,i.mdx)("p",null,(0,i.mdx)("inlineCode",{parentName:"p"},"sources")," and ",(0,i.mdx)("inlineCode",{parentName:"p"},"sinks")," sanitizers may include a list of kinds (each with or without a partial_label) to restrict the sanitizer to only sanitizing taint of those kinds. (When unspecified, as in the example above, all taint is sanitized regardless of kind)."),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'"sanitizers": [\n  {\n    "sanitize": "sinks",\n    "kinds": [\n      {\n        "kind": "SinkKindA"\n      },\n      {\n        "kind": "SinkKindB",\n        "partial_label": "A"\n      }\n    ]\n  }\n]\n')),(0,i.mdx)("h4",{id:"port-specific-sanitizers"},"Port-specific Sanitizers"),(0,i.mdx)("p",null,"Sanitizers can also specify a specific port (",(0,i.mdx)("a",{parentName:"p",href:"/docs/models#access-path-format"},"access path")," root) they sanitize (ignoring all the rest). This field ",(0,i.mdx)("inlineCode",{parentName:"p"},"port")," has a slightly different meaning for each kind of sanitizer -"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sources"),": represents the output port through which sources may not leave the method"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sinks"),": represents the input port through which taint may not trigger any sinks within the model"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"propagations"),": represents the input port through which a propagation to any other port may not be inferred")),(0,i.mdx)("p",null,"For example if the following method"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public void someMethod(Object argument1, Object argument2) {\n  toSink(argument1);\n  toSink(argument2);\n}\n")),(0,i.mdx)("p",null,"had the following sanitizer in its model,"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'"sanitizers": [\n  {\n    "sanitize": "sinks",\n    "port": "Argument(1)"\n  }\n]\n')),(0,i.mdx)("p",null,"Then a source flowing into ",(0,i.mdx)("inlineCode",{parentName:"p"},"argument1")," would be able to cause an issue, but not a source flowing into ",(0,i.mdx)("inlineCode",{parentName:"p"},"argument2"),"."),(0,i.mdx)("p",null,"Kind and port specifications may be included in the same sanitizer."),(0,i.mdx)("h3",{id:"modes"},"Modes"),(0,i.mdx)("p",null,"Modes are used to describe specific behaviors of methods. Available modes are:"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"skip-analysis"),": skip the analysis of the method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"add-via-obscure-feature"),": add a feature/breadcrumb called ",(0,i.mdx)("inlineCode",{parentName:"li"},"via-obscure:<method>")," to sources flowing through this method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"taint-in-taint-out"),": propagate the taint on arguments to the return value;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"taint-in-taint-this"),": propagate the taint on arguments into the ",(0,i.mdx)("inlineCode",{parentName:"li"},"this")," parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"no-join-virtual-overrides"),": do not consider all possible overrides when handling a virtual call to this method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"no-collapse-on-propagation"),": do not collapse input paths when applying propagations;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"alias-memory-location-on-invoke"),": aliases existing memory location at the callsite instead of creating a new one;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"strong-write-on-propagation"),": performs a strong write from input path to the output path on propagation;")),(0,i.mdx)("h3",{id:"default-model"},"Default model"),(0,i.mdx)("p",null,"A default model is created for each method, except if it is provided by a model generator. The default model has a set of heuristics:"),(0,i.mdx)("p",null,"If the method has no source code, the model is automatically marked with the modes ",(0,i.mdx)("inlineCode",{parentName:"p"},"skip-analysis")," and ",(0,i.mdx)("inlineCode",{parentName:"p"},"add-via-obscure-feature"),"."),(0,i.mdx)("p",null,"If the method has more than 40 overrides, it is marked with the mode ",(0,i.mdx)("inlineCode",{parentName:"p"},"no-join-virtual-overrides"),"."),(0,i.mdx)("p",null,"Otherwise, the default model is empty (no sources/sinks/propagations)."),(0,i.mdx)("h3",{id:"field-models"},"Field Models"),(0,i.mdx)("p",null,"These models represent user-defined taint on class fields (as opposed to methods, as described in all the previous sections on this page). They are specified in a similar way to method models as described below."),(0,i.mdx)("blockquote",null,(0,i.mdx)("p",{parentName:"blockquote"},(0,i.mdx)("strong",{parentName:"p"},"NOTE:")," Field sources should not be applied to fields that are both final and of a primitive type (",(0,i.mdx)("inlineCode",{parentName:"p"},"int"),", ",(0,i.mdx)("inlineCode",{parentName:"p"},"char"),", ",(0,i.mdx)("inlineCode",{parentName:"p"},"float"),", etc as well as ",(0,i.mdx)("inlineCode",{parentName:"p"},"java.lang.String"),") as the Java compiler optimizes accesses of these fields in the bytecode into accesses of the constant value they hold. In this scenario, Mariana Trench has no way of recognizing that the constant was meant to carry a source.")),(0,i.mdx)("p",null,"Example field model generator for sources:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "fields",\n  "where": [\n    {\n      "constraint": "name",\n      "pattern": "SOURCE_EXAMPLE"\n    }\n  ],\n  "model": {\n    "sources" : [\n      {\n        "kind": "FieldSource"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Example code:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public class TestClass {\n  // Field that we know to be tainted\n  public Object SOURCE_EXAMPLE = ...;\n\n  void flow() {\n    sink(EXAMPLE, ...);\n  }\n}\n")),(0,i.mdx)("p",null,"Example field model generator for sinks:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "fields",\n  "where": [\n    {\n      "constraint": "name",\n      "pattern": "SINK_EXAMPLE"\n    }\n  ],\n  "model": {\n    "sinks" : [\n      {\n        "kind": "FieldSink"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Example code:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public class TestClass {\n  public Object SINK_EXAMPLE = ...;\n\n  void flow() {\n    SINK_EXAMPLE = source();\n  }\n}\n")),(0,i.mdx)("p",null,"Field signature formats follow the Dalvik bytecode format similar to methods as discussed ",(0,i.mdx)("a",{parentName:"p",href:"#method-name-format"},"above"),". This is of the form ",(0,i.mdx)("inlineCode",{parentName:"p"},"<className>.<fieldName>:<fieldType>"),"."),(0,i.mdx)("h3",{id:"literal-models"},"Literal Models"),(0,i.mdx)("p",null,"Literal models represent user-defined taints on string literals matching configurable regular expressions. They can only be configured as sources and are intended to identify suspicious patterns, such as user-controlled data being concatenated with a string literal which looks like an SQL query."),(0,i.mdx)("blockquote",null,(0,i.mdx)("p",{parentName:"blockquote"},(0,i.mdx)("strong",{parentName:"p"},"NOTE:")," Each use of a literal in the analysed code which matches a pattern in a literal model will generate a new taint which needs to be explored by Mariana Trench. Using overly broad patterns like ",(0,i.mdx)("inlineCode",{parentName:"p"},".*")," should thus be avoided, as they can lead to poor performance and high memory usage.")),(0,i.mdx)("p",null,"Example literal models:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre"},'[\n  {\n    "pattern": "SELECT \\\\*.*",\n    "description": "Potential SQL Query",\n    "sources": [\n      {\n        "kind": "SqlQuery"\n      }\n    ]\n  },\n  {\n    "pattern": "AI[0-9A-Z]{16}",\n    "description": "Suspected Google API Key",\n    "sources": [\n      {\n        "kind": "GoogleAPIKey"\n      }\n    ]\n  }\n]\n')),(0,i.mdx)("p",null,"Example code:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},'void testRegexSource() {\n  String prefix = "SELECT * FROM USERS WHERE id = ";\n  String aci = getAttackerControlledInput();\n  String query = prefix + aci; // Sink\n}\n\nvoid testRegexSourceGoogleApiKey() {\n  String secret = "AIABCD1234EFGH5678";\n  sink(secret);\n}\n')),(0,i.mdx)("h2",{id:"model-generators"},"Model Generators"),(0,i.mdx)("p",null,"Mariana Trench allows for dynamic model specifications. This allows a user to specify models of methods before running the analysis. This is used to specify sources, sinks, propagation and modes."),(0,i.mdx)("p",null,"Model generators are specified in a generator configuration file, specified by the ",(0,i.mdx)("inlineCode",{parentName:"p"},"--generator-configuration-path")," parameter. By default, we use ",(0,i.mdx)("a",{parentName:"p",href:"https://github.com/facebook/mariana-trench/blob/main/configuration/default_generator_config.json"},(0,i.mdx)("inlineCode",{parentName:"a"},"default_generator_config.json")),"."),(0,i.mdx)("h3",{id:"example"},"Example"),(0,i.mdx)("p",null,"Examples of model generators are located in the ",(0,i.mdx)("a",{parentName:"p",href:"https://github.com/facebook/mariana-trench/tree/main/configuration/model-generators"},(0,i.mdx)("inlineCode",{parentName:"a"},"configuration/model-generators"))," directory."),(0,i.mdx)("p",null,"Below is an example of a JSON model generator:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "model_generators": [\n    {\n      "find": "methods",\n      "where": [{"constraint": "name", "pattern": "toString"}],\n      "model": {\n        "propagation": [\n          {\n            "input": "Argument(0)",\n            "output": "Return"\n          }\n        ]\n      }\n    },\n    {\n      "find": "methods",\n      "where": [\n        {\n          "constraint": "parent",\n          "inner": {\n            "constraint": "extends",\n            "inner": {\n              "constraint": "name",\n              "pattern": "SandcastleCommand"\n            }\n          }\n        },\n        {"constraint": "name", "pattern": "Time"}\n      ],\n      "model": {\n        "sources": [\n          {\n            "kind": "Source",\n            "port": "Return"\n          }\n        ]\n      }\n    },\n    {\n      "find": "methods",\n      "where": [\n        {\n          "constraint": "parent",\n          "inner": {\n            "constraint": "extends",\n            "inner": {"constraint": "name", "pattern": "IEntWithPurposePolicy"}\n          }\n        },\n        {"constraint": "name", "pattern": "gen.*"},\n        {\n          "constraint": "parameter",\n          "idx": 0,\n          "inner": {\n            "constraint": "type",\n            "kind": "extends",\n            "class": "IViewerContext"\n          }\n        },\n        {\n          "constraint": "return",\n          "inner": {\n            "constraint": "extends",\n            "inner": {"constraint": "name", "pattern": "Ent"}\n          }\n        }\n      ],\n      "model": {\n        "modes": ["add-via-obscure-feature"],\n        "sinks": [\n          {\n            "kind": "Sink",\n            "port": "Argument(0)",\n            "features": ["via-gen"]\n          }\n        ]\n      }\n    }\n  ]\n}\n')),(0,i.mdx)("h3",{id:"specification"},"Specification"),(0,i.mdx)("p",null,"Each JSON file is a JSON object with a key ",(0,i.mdx)("inlineCode",{parentName:"p"},"model_generators"),' associated with a list of "rules".'),(0,i.mdx)("p",null,'Each "rule" defines a "filter" (which uses "constraints" to specify methods for which a "model" should be generated) and a "model". A rule has the following key/values:'),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("inlineCode",{parentName:"p"},"find"),": The type of thing to find. We support ",(0,i.mdx)("inlineCode",{parentName:"p"},"methods")," and ",(0,i.mdx)("inlineCode",{parentName:"p"},"fields"),";")),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("inlineCode",{parentName:"p"},"where"),': A list of "constraints". All constraints ',(0,i.mdx)("strong",{parentName:"p"},"must be satisfied")," by a method or field in order to generate a model for it. All the constraints are listed below, grouped by the type of object they are applied to:"),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"Method"),":"),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"signature_match"),": Expects at least one of the two allowed groups of extra properties: ",(0,i.mdx)("inlineCode",{parentName:"li"},"[name | names] [parent | parents | extends [include_self]]")," where:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"name")," (a single string) or ",(0,i.mdx)("inlineCode",{parentName:"li"},"names")," (a list of alternative strings): is exact matched to the method name"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"parent")," (a single string) or ",(0,i.mdx)("inlineCode",{parentName:"li"},"parents")," (a list of alternative strings) is exact matched to the class of the method or ",(0,i.mdx)("inlineCode",{parentName:"li"},"extends")," (either a single string or a list of alternative strings) is exact matched to the base classes or interfaces of the method. ",(0,i.mdx)("inlineCode",{parentName:"li"},"extends")," allows an additional property ",(0,i.mdx)("inlineCode",{parentName:"li"},"includes_self")," which is a boolean to indicate if the constraint is applied to the class itself or not."))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"signature | signature_pattern"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"pattern")," which is a regex to fully match the full signature (class, method, argument types) of a method;",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("strong",{parentName:"li"},"NOTE:")," Usage of this constraint is discouraged as it has poor performance. Try using ",(0,i.mdx)("inlineCode",{parentName:"li"},"signature_match")," instead!"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"parent"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Type]"," which contains a nested constraint to apply to the class holding the method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"parameter"),": Expects an extra properties ",(0,i.mdx)("inlineCode",{parentName:"li"},"idx")," and ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Parameter]"," or ","[Type]",", matches when the idx-th parameter of the function or method matches the nested constraint inner;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"any_parameter"),": Expects an optional extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"start_idx")," and ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Parameter]"," or ","[Type]",", matches when there is any parameters (starting at start_idx) of the function or method matches the nested constraint inner;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"return"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Type]"," which contains a nested constraint to apply to the return of the method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"is_static | is_constructor | is_native | has_code"),": Accepts an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"value")," which is either ",(0,i.mdx)("inlineCode",{parentName:"li"},"true")," or ",(0,i.mdx)("inlineCode",{parentName:"li"},"false"),". By default, ",(0,i.mdx)("inlineCode",{parentName:"li"},"value")," is considered ",(0,i.mdx)("inlineCode",{parentName:"li"},"true"),";"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"number_parameters"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Integer]"," which contains a nested constraint to apply to the number of parameters (counting the implicit ",(0,i.mdx)("inlineCode",{parentName:"li"},"this")," parameter);"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"number_overrides"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Integer]"," which contains a nested constraint to apply on the number of method overrides."))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"Parameter:")),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"parameter_has_annotation"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"type")," and an optional property ",(0,i.mdx)("inlineCode",{parentName:"li"},"pattern"),", respectively a string and a regex fully matching the value of the parameter annotation."))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"Type:")),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"extends"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Type]"," which contains a nested constraint that must apply to one of the base classes or itself. The optional property ",(0,i.mdx)("inlineCode",{parentName:"li"},"includes_self")," is a boolean that tells whether the constraint must be applied on the type itself or not;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"super"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Type]"," which contains a nested constraint that must apply on the direct superclass;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"is_class | is_interface"),": Accepts an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"value")," which is either ",(0,i.mdx)("inlineCode",{parentName:"li"},"true")," or ",(0,i.mdx)("inlineCode",{parentName:"li"},"false"),". By default, ",(0,i.mdx)("inlineCode",{parentName:"li"},"value")," is considered ",(0,i.mdx)("inlineCode",{parentName:"li"},"true"),";"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"Field"),":"),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"signature"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"pattern")," which is a regex to fully match the full signature of the field. This is of the form ",(0,i.mdx)("inlineCode",{parentName:"li"},"<className>.<fieldName>:<fieldType>"),";"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"parent"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Type]"," which contains a nested constraint to apply to the class holding the field;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"is_static"),": Accepts an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"value")," which is either ",(0,i.mdx)("inlineCode",{parentName:"li"},"true")," or ",(0,i.mdx)("inlineCode",{parentName:"li"},"false"),". By default, ",(0,i.mdx)("inlineCode",{parentName:"li"},"value")," is considered ",(0,i.mdx)("inlineCode",{parentName:"li"},"true"),";"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"Method, Type or Field:")),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"name"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"pattern")," which is a regex to fully match the name of the item;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"has_annotation"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"type")," and an optional property ",(0,i.mdx)("inlineCode",{parentName:"li"},"pattern"),", respectively a string and a regex fully matching the value of the annotation."),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"visibility"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"is")," which is either ",(0,i.mdx)("inlineCode",{parentName:"li"},"public"),", ",(0,i.mdx)("inlineCode",{parentName:"li"},"private")," or ",(0,i.mdx)("inlineCode",{parentName:"li"},"protected"),"; (Note this does not apply to ",(0,i.mdx)("inlineCode",{parentName:"li"},"Field"),")"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"Integer:")),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"< | <= | == | > | >= | !="),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"value")," which contains an integer that the input integer is compared with. The input is the left hand side."))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"Any (Method, Parameter, Type, Field or Integer):")),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"all_of"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inners")," ","[Any]"," which is an array holding nested constraints which must all apply;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"any_of"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inners")," ","[Any]"," which is an array holding nested constraints where one of them must apply;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"not"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Any]"," which contains a nested constraint that should not apply. (Note this is not yet implemented for ",(0,i.mdx)("inlineCode",{parentName:"li"},"Field"),"s)"))))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("inlineCode",{parentName:"p"},"model"),": A model, describing sources/sinks/propagations/etc."),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"For method models")),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sources"),"*",": A list of sources, i.e a source flowing out of the method via return value or flowing in via an argument. A source has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"kind"),": The source name;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"port"),"*","*",": The source access path (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Return"')," or ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(1)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),"*",": A list of features/breadcrumbs names;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"via_type_of"),"*",": A list of ports;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sinks"),"*",": A list of sinks, i.e describing that a parameter of the method flows into a sink. A sink has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"kind"),": The sink name;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"port"),": The sink access path (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Return"')," or ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(1)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),"*",": A list of features/breadcrumbs names;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"via_type_of"),"*",": A list of ports;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"propagation"),"*",": A list of propagations (also called passthrough) that describe whether a taint on a parameter should result in a taint on the return value or another parameter. A propagation has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"input"),": The input access path (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(1)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"output"),": The output access path (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Return"')," or ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(2)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),"*",": A list of features/breadcrumbs names;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"attach_to_sources"),"*",": A list of attach-to-sources that describe that all sources flowing out of the method on the given parameter or return value must have the given features. An attach-to-source has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"port"),": The access path root (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Return"')," or ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(1)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),": A list of features/breadcrumb names;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"attach_to_sinks"),"*",": A list of attach-to-sinks that describe that all sources flowing in the method on the given parameter must have the given features. An attach-to-sink has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"port"),": The access path root (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(1)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),": A list of features/breadcrumb names;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"attach_to_propagations"),"*",": A list of attach-to-propagations that describe that inferred propagations of sources flowing in or out of a given parameter or return value must have the given features. An attach-to-propagation has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"port"),": The access path root (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Return"')," or ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(1)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),": A list of features/breadcrumb names;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"add_features_to_parameters"),"*",": A list of add-features-to-parameters that describe that flows that might flow on the given parameter must have the given features. An add-features-to-parameter has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"port"),": The access path root (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(1)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),": A list of features/breadcrumb names;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"modes"),"*",": A list of mode names that describe specific behaviors of a method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"for_all_parameters"),": Generate sources/sinks/propagations/attach",(0,i.mdx)("em",{parentName:"li"},"to"),"*"," for all parameters of a method that satisfy some constraints. It accepts the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"variable"),": A symbolic name for the parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"where"),": An optional list of ","[Parameter]"," or ","[Type]"," constraints on the parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sources | sinks | propagation"),': Same as under "model", but we accept the variable name as a parameter number.'))))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("inlineCode",{parentName:"p"},"verbosity"),"*",": A logging level, to help debugging. 1 is the most verbose, 5 is the least. The default verbosity level is 5.")),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"For Field models")),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sources"),"*",": A list of sources the field should hold. A source has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"kind"),": The source name;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),"*",": A list of features/breadcrumbs names;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sinks"),"*",": A list of sinks the field should hold. A sink has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"kind"),": The sink name;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),"*",": A list of features/breadcrumds names;")))))))),(0,i.mdx)("p",null,"In the above bullets,"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"*")," denotes optional key/value."),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"**")," denotes optional key/value. Default is ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Return"'),".")),(0,i.mdx)("p",null,"Note, the implicit ",(0,i.mdx)("inlineCode",{parentName:"p"},"this")," parameter for methods has the parameter number 0."),(0,i.mdx)("h3",{id:"development"},"Development"),(0,i.mdx)("h4",{id:"when-sources-or-sinks-dont-appear-in-results"},"When Sources or Sinks don't appear in Results"),(0,i.mdx)("ol",null,(0,i.mdx)("li",{parentName:"ol"},(0,i.mdx)("p",{parentName:"li"},"This could be because your model generator did not find any method matching your query. You can use the ",(0,i.mdx)("inlineCode",{parentName:"p"},'"verbosity": 1')," option in your model generator to check if it matched any method. For instance:"),(0,i.mdx)("pre",{parentName:"li"},(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "model_generators": [\n    {\n      "find": "methods",\n      "where": /* ... */,\n      "model": {\n        /* ... */\n      },\n      "verbosity": 1\n    }\n  ]\n}\n')),(0,i.mdx)("p",{parentName:"li"},"When running mariana trench, this should print:"),(0,i.mdx)("pre",{parentName:"li"},(0,i.mdx)("code",{parentName:"pre"},"INFO Method `...` satisfies all constraints in json model generator ...\n"))),(0,i.mdx)("li",{parentName:"ol"},(0,i.mdx)("p",{parentName:"li"},"Make sure that your model generator is actually running. You can use the ",(0,i.mdx)("inlineCode",{parentName:"p"},"--verbosity 2")," option to check that. Make sure your model generator is specified in ",(0,i.mdx)("inlineCode",{parentName:"p"},"configuration/default_generator_config.json"),".")),(0,i.mdx)("li",{parentName:"ol"},(0,i.mdx)("p",{parentName:"li"},"You can also check the output models. Use ",(0,i.mdx)("inlineCode",{parentName:"p"},"grep SourceKind models@*")," to see if your source or sink kind exists. Use ",(0,i.mdx)("inlineCode",{parentName:"p"},"grep 'Lcom/example/<class-name>;.<method-name>:' models@*")," to see if a given method exists in the app."))),(0,i.mdx)(m,{mdxType:"FbModels"}))}c.isMDXComponent=!0}}]);
\ No newline at end of file
+"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[133],{3905:(e,n,a)=>{a.r(n),a.d(n,{MDXContext:()=>d,MDXProvider:()=>u,mdx:()=>x,useMDXComponents:()=>p,withMDXComponents:()=>m});var t=a(67294);function i(e,n,a){return n in e?Object.defineProperty(e,n,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[n]=a,e}function r(){return r=Object.assign||function(e){for(var n=1;n<arguments.length;n++){var a=arguments[n];for(var t in a)Object.prototype.hasOwnProperty.call(a,t)&&(e[t]=a[t])}return e},r.apply(this,arguments)}function o(e,n){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var t=Object.getOwnPropertySymbols(e);n&&(t=t.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),a.push.apply(a,t)}return a}function l(e){for(var n=1;n<arguments.length;n++){var a=null!=arguments[n]?arguments[n]:{};n%2?o(Object(a),!0).forEach((function(n){i(e,n,a[n])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(a)):o(Object(a)).forEach((function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(a,n))}))}return e}function s(e,n){if(null==e)return{};var a,t,i=function(e,n){if(null==e)return{};var a,t,i={},r=Object.keys(e);for(t=0;t<r.length;t++)a=r[t],n.indexOf(a)>=0||(i[a]=e[a]);return i}(e,n);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(t=0;t<r.length;t++)a=r[t],n.indexOf(a)>=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(i[a]=e[a])}return i}var d=t.createContext({}),m=function(e){return function(n){var a=p(n.components);return t.createElement(e,r({},n,{components:a}))}},p=function(e){var n=t.useContext(d),a=n;return e&&(a="function"==typeof e?e(n):l(l({},n),e)),a},u=function(e){var n=p(e.components);return t.createElement(d.Provider,{value:n},e.children)},c={inlineCode:"code",wrapper:function(e){var n=e.children;return t.createElement(t.Fragment,{},n)}},h=t.forwardRef((function(e,n){var a=e.components,i=e.mdxType,r=e.originalType,o=e.parentName,d=s(e,["components","mdxType","originalType","parentName"]),m=p(a),u=i,h=m["".concat(o,".").concat(u)]||m[u]||c[u]||r;return a?t.createElement(h,l(l({ref:n},d),{},{components:a})):t.createElement(h,l({ref:n},d))}));function x(e,n){var a=arguments,i=n&&n.mdxType;if("string"==typeof e||i){var r=a.length,o=new Array(r);o[0]=h;var l={};for(var s in n)hasOwnProperty.call(n,s)&&(l[s]=n[s]);l.originalType=e,l.mdxType="string"==typeof e?e:i,o[1]=l;for(var d=2;d<r;d++)o[d]=a[d];return t.createElement.apply(null,o)}return t.createElement.apply(null,a)}h.displayName="MDXCreateElement"},31797:(e,n,a)=>{a.r(n),a.d(n,{assets:()=>s,contentTitle:()=>o,default:()=>c,frontMatter:()=>r,metadata:()=>l,toc:()=>d});var t=a(87462),i=(a(67294),a(3905));const r={id:"models",title:"Models & Model Generators",sidebar_label:"Models & Model Generators"},o=void 0,l={unversionedId:"models",id:"models",title:"Models & Model Generators",description:"The main way to configure the analysis is through defining model generators. Each model generator defines (1) a filter, made up of constraints to specify the methods (or fields) for which a model should be generated, and (2) a model, an abstract representation of how data flows through a method.",source:"@site/documentation/models.md",sourceDirName:".",slug:"/models",permalink:"/docs/models",draft:!1,editUrl:"https://github.com/facebook/mariana-trench/tree/main/documentation/website/documentation/models.md",tags:[],version:"current",frontMatter:{id:"models",title:"Models & Model Generators",sidebar_label:"Models & Model Generators"},sidebar:"docs",previous:{title:"Rules",permalink:"/docs/rules"},next:{title:"Shims",permalink:"/docs/shims"}},s={},d=[{value:"Models",id:"models",level:2},{value:"Method name format",id:"method-name-format",level:3},{value:"Access path format",id:"access-path-format",level:3},{value:"Kinds",id:"kinds",level:3},{value:"Sources",id:"sources",level:3},{value:"Sinks",id:"sinks",level:3},{value:"Return Sinks",id:"return-sinks",level:3},{value:"Propagation",id:"propagation",level:3},{value:"Features",id:"features",level:3},{value:"Attach to Sources",id:"attach-to-sources",level:4},{value:"Attach to Sinks",id:"attach-to-sinks",level:4},{value:"Attach to Propagations",id:"attach-to-propagations",level:4},{value:"Add Features to Arguments",id:"add-features-to-arguments",level:4},{value:"Via-type Features",id:"via-type-features",level:4},{value:"Via-value Features",id:"via-value-features",level:4},{value:"Taint Broadening",id:"taint-broadening",level:3},{value:"Propagation Broadening",id:"propagation-broadening",level:4},{value:"Issue Broadening Feature",id:"issue-broadening-feature",level:5},{value:"Widen Broadening Feature",id:"widen-broadening-feature",level:5},{value:"Sanitizers",id:"sanitizers",level:3},{value:"Kind-specific Sanitizers",id:"kind-specific-sanitizers",level:4},{value:"Port-specific Sanitizers",id:"port-specific-sanitizers",level:4},{value:"Modes",id:"modes",level:3},{value:"Default model",id:"default-model",level:3},{value:"Field Models",id:"field-models",level:3},{value:"Literal Models",id:"literal-models",level:3},{value:"Model Generators",id:"model-generators",level:2},{value:"Example",id:"example",level:3},{value:"Specification",id:"specification",level:3},{value:"Development",id:"development",level:3},{value:"When Sources or Sinks don&#39;t appear in Results",id:"when-sources-or-sinks-dont-appear-in-results",level:4}],m=(p="FbModels",function(e){return console.warn("Component "+p+" was not imported, exported, or provided by MDXProvider as global scope"),(0,i.mdx)("div",e)});var p;const u={toc:d};function c(e){let{components:n,...a}=e;return(0,i.mdx)("wrapper",(0,t.Z)({},u,a,{components:n,mdxType:"MDXLayout"}),(0,i.mdx)("p",null,"The main way to configure the analysis is through defining model generators. Each model generator defines (1) a ",(0,i.mdx)("strong",{parentName:"p"},"filter"),", made up of constraints to specify the methods (or fields) for which a model should be generated, and (2) a ",(0,i.mdx)("strong",{parentName:"p"},"model"),", an abstract representation of how data flows through a method."),(0,i.mdx)("p",null,"Model generators are what define Sink and Source kinds which are the key component of ",(0,i.mdx)("a",{parentName:"p",href:"/docs/rules"},"Rules"),". Model generators can do other things too, like attach ",(0,i.mdx)("strong",{parentName:"p"},"features")," (a.k.a. breadcrumbs) to flows and ",(0,i.mdx)("strong",{parentName:"p"},"sanitize"),' (redact) flows which go through certain "data-safe" methods (e.g. a method which hashes a user\'s password).'),(0,i.mdx)("p",null,"Filters are conceptually straightforward. Thus, this page focuses heavily on conceptualizing and providing examples for the various types of models. See the ",(0,i.mdx)("a",{parentName:"p",href:"#model-generators"},"Model Generators")," section for full implementation documentation for both filters and models."),(0,i.mdx)("h2",{id:"models"},"Models"),(0,i.mdx)("p",null,"A model is an abstract representation of how data flows through a method."),(0,i.mdx)("p",null,"A model essentialy consists of:"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#sources"},"Sources"),": a set of sources that the method produces or receives on parameters;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#sinks"},"Sinks"),": a set of sinks on the method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#propagation"},"Propagation"),": a description of how the method propagates taint coming into it (e.g, the first parameter updates the second, the second parameter updates the return value, etc.);"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#attach-to-sources"},"Attach to Sources"),": a set of features/breadcrumbs to add on an any sources flowing out of the method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#attach-to-sinks"},"Attach to Sinks"),": a set of features/breadcrumbs to add on sinks of a given parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#attach-to-propagations"},"Attach to Propagations"),": a set of features/breadcrumbs to add on propagations for a given parameter or return value;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#add-features-to-arguments"},"Add Features to Arguments"),": a set of features/breadcrumbs to add on any taint that might flow in a given parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#sanitizers"},"Sanitizers"),": specifications of taint flows to stop;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("a",{parentName:"li",href:"#modes"},"Modes"),": a set of flags describing specific behaviors (see below).")),(0,i.mdx)("p",null,"Models can be specified in JSON. For example to mark the string parameter to our ",(0,i.mdx)("inlineCode",{parentName:"p"},"Logger.log")," function as a sink we can specify it as"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Logger;",\n      "name": "log"\n    }\n  ],\n  "model": {\n    "sinks": [\n      {\n        "kind": "Logging",\n        "port": "Argument(1)"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Note that the naming of methods follow the ",(0,i.mdx)("a",{parentName:"p",href:"#method-name-format"},"Dalvik's bytecode format"),"."),(0,i.mdx)("h3",{id:"method-name-format"},"Method name format"),(0,i.mdx)("p",null,"The format used for method names is:"),(0,i.mdx)("p",null,(0,i.mdx)("inlineCode",{parentName:"p"},"<className>.<methodName>:(<parameterType1><parameterType2>)<returnType>")),(0,i.mdx)("p",null,"Example: ",(0,i.mdx)("inlineCode",{parentName:"p"},"Landroidx/fragment/app/Fragment;.startActivity:(Landroid/content/Intent;)V")),(0,i.mdx)("p",null,"For the parameters and return types use the following table to pick the correct one (please refer to ",(0,i.mdx)("a",{parentName:"p",href:"https://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html#jvms-4.3.2-200"},"JVM doc")," for more details)"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},"V - void"),(0,i.mdx)("li",{parentName:"ul"},"Z - boolean"),(0,i.mdx)("li",{parentName:"ul"},"B - byte"),(0,i.mdx)("li",{parentName:"ul"},"S - short"),(0,i.mdx)("li",{parentName:"ul"},"C - char"),(0,i.mdx)("li",{parentName:"ul"},"I - int"),(0,i.mdx)("li",{parentName:"ul"},"J - long (64 bits)"),(0,i.mdx)("li",{parentName:"ul"},"F - float"),(0,i.mdx)("li",{parentName:"ul"},"D - double (64 bits)")),(0,i.mdx)("p",null,"Classes take the form ",(0,i.mdx)("inlineCode",{parentName:"p"},"Lpackage/name/ClassName;")," - where the leading ",(0,i.mdx)("inlineCode",{parentName:"p"},"L")," indicates that it is a class type, ",(0,i.mdx)("inlineCode",{parentName:"p"},"package/name/")," is the package that the class is in. A nested class will take the form ",(0,i.mdx)("inlineCode",{parentName:"p"},"Lpackage/name/ClassName$NestedClassName")," (the ",(0,i.mdx)("inlineCode",{parentName:"p"},"$")," will need to be double escaped ",(0,i.mdx)("inlineCode",{parentName:"p"},"\\\\$")," in json regex)."),(0,i.mdx)("blockquote",null,(0,i.mdx)("p",{parentName:"blockquote"},(0,i.mdx)("strong",{parentName:"p"},"NOTE:")," Instance (i.e, non-static) method parameters are indexed starting from 1! The 0th parameter is the ",(0,i.mdx)("inlineCode",{parentName:"p"},"this")," parameter in dalvik byte-code. For static method parameter, indices start from 0.")),(0,i.mdx)("h3",{id:"access-path-format"},"Access path format"),(0,i.mdx)("p",null,'An access path describes the symbolic location of a taint. This is commonly used to indicate where a source or a sink originates from. The "port" field of any model is represented by an access path.'),(0,i.mdx)("p",null,"An access path is composed of a root and a path."),(0,i.mdx)("p",null,"The root is either:"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Return"),", representing the returned value;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Argument(x)")," (where ",(0,i.mdx)("inlineCode",{parentName:"li"},"x")," is an integer), representing the parameter number ",(0,i.mdx)("inlineCode",{parentName:"li"},"x"),";")),(0,i.mdx)("p",null,"The path is a (possibly empty) list of path elements. A path element can be any of the following kinds:"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"field"),": represents a field name. String encoding is a dot followed by the field name: ",(0,i.mdx)("inlineCode",{parentName:"li"},".field_name"),";"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"index"),": represents a user defined index for dictionary like objects. String encoding uses square braces to enclose any user defined index: ",(0,i.mdx)("inlineCode",{parentName:"li"},"[index_name]"),";"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"any index"),": represents any or unresolved indices in dictionary like objects. String encoding is an asterisk enclosed in square braces: ",(0,i.mdx)("inlineCode",{parentName:"li"},"[*]"),";"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"index from value of"),": captures the value of the specified callable's port seen at its callsites during taint flow analysis as an ",(0,i.mdx)("inlineCode",{parentName:"li"},"index")," or ",(0,i.mdx)("inlineCode",{parentName:"li"},"any index")," (if the value cannot be resolved). String encoding uses ",(0,i.mdx)("em",{parentName:"li"},"argument root")," to specify the callable's port and encloses it in ",(0,i.mdx)("inlineCode",{parentName:"li"},"[<"),"...",(0,i.mdx)("inlineCode",{parentName:"li"},">]")," to represent that its value is resolved at the callsite to create an index: ",(0,i.mdx)("inlineCode",{parentName:"li"},"[<Argument(x)>]"),";")),(0,i.mdx)("p",null,"Examples:"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Argument(1).name")," corresponds to the ",(0,i.mdx)("em",{parentName:"li"},"field")," ",(0,i.mdx)("inlineCode",{parentName:"li"},"name")," of the second parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Argument(1)[name]")," corresponds to the ",(0,i.mdx)("em",{parentName:"li"},"index")," ",(0,i.mdx)("inlineCode",{parentName:"li"},"name")," of the dictionary like second parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Argument(1)[*]")," corresponds to ",(0,i.mdx)("em",{parentName:"li"},"any index")," of the dictionary like second parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Argument(1)[<Argument(2)>]")," corresponds to an ",(0,i.mdx)("em",{parentName:"li"},"index")," of the dictionary like second parameter whose value is resolved from the third parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Return")," corresponds to the returned value;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"Return.x")," correpsonds to the field ",(0,i.mdx)("inlineCode",{parentName:"li"},"x")," of the returned value;")),(0,i.mdx)("h3",{id:"kinds"},"Kinds"),(0,i.mdx)("p",null,"A source has a ",(0,i.mdx)("strong",{parentName:"p"},"kind")," that describes its content (e.g, user input, file system, etc). A sink also has a ",(0,i.mdx)("strong",{parentName:"p"},"kind")," that describes the operation the method performs (e.g, execute a command, read a file, etc.). Kinds can be arbitrary strings (e.g, ",(0,i.mdx)("inlineCode",{parentName:"p"},"UserInput"),"). We usually avoid whitespaces."),(0,i.mdx)("h3",{id:"sources"},"Sources"),(0,i.mdx)("p",null,"Sources describe sources produced or received by a given method. A source can either flow out via the return value or flow via a given parameter. A source has a ",(0,i.mdx)("strong",{parentName:"p"},"kind")," that describes its content (e.g, user input, file system, etc)."),(0,i.mdx)("p",null,"Here is an example where the source flows by return value:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},'public static String getPath() {\n    return System.getenv().get("PATH");\n}\n')),(0,i.mdx)("p",null,"The JSON model generator for this method could be:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class;",\n      "name": "getPath"\n    }\n  ],\n  "model": {\n    "sources": [\n      {\n        "kind": "UserControlled",\n        "port": "Return"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Here is an example where the source flows in via an argument:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"class MyActivity extends Activity {\n  public void onNewIntent(Intent intent) {\n    // intent should be considered a source here.\n  }\n}\n")),(0,i.mdx)("p",null,"The JSON model generator for this method could be:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "extends": "Landroid/app/Activity",\n      "name": "onNewIntent"\n    }\n  ],\n  "model": {\n    "sources": [\n      {\n        "kind": "UserControlled",\n        "port": "Argument(1)"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Note that the implicit ",(0,i.mdx)("inlineCode",{parentName:"p"},"this")," parameter is considered the argument 0."),(0,i.mdx)("h3",{id:"sinks"},"Sinks"),(0,i.mdx)("p",null,"Sinks describe dangerous or sensitive methods in the code. A sink has a ",(0,i.mdx)("strong",{parentName:"p"},"kind")," that represents the type of operation the method does (e.g, command execution, file system operation, etc). A sink must be attached to a given parameter of the method. A method can have multiple sinks."),(0,i.mdx)("p",null,"Here is an example of a sink:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public static String readFile(String path, String extension, int mode) {\n    // Return the content of the file path.extension\n}\n")),(0,i.mdx)("p",null,"Since ",(0,i.mdx)("inlineCode",{parentName:"p"},"path")," and ",(0,i.mdx)("inlineCode",{parentName:"p"},"extension")," can be used to read arbitrary files, we consider them sinks. We do not consider ",(0,i.mdx)("inlineCode",{parentName:"p"},"mode")," as a sink since we do not care whether the user can control it. The JSON model generator for this method could be:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class",\n      "name": "readFile"\n    }\n  ],\n  "model": {\n    "sinks": [\n      {\n        "kind": "FileRead",\n        "port": "Argument(0)"\n      },\n      {\n        "kind": "FileRead",\n        "port": "Argument(1)"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("h3",{id:"return-sinks"},"Return Sinks"),(0,i.mdx)("p",null,"Return sinks can be used to describe that a method should not return tainted information. A return sink is just a normal sink with a ",(0,i.mdx)("inlineCode",{parentName:"p"},"Return")," port."),(0,i.mdx)("h3",{id:"propagation"},"Propagation"),(0,i.mdx)("p",null,"Propagations \u2212 also called ",(0,i.mdx)("strong",{parentName:"p"},"tito")," (Taint In Taint Out) or ",(0,i.mdx)("strong",{parentName:"p"},"passthrough")," in other tools \u2212 describe how the method propagates taint. A propagation as an ",(0,i.mdx)("strong",{parentName:"p"},"input")," (where the taint comes from) and an ",(0,i.mdx)("strong",{parentName:"p"},"output")," (where the taint is moved to)."),(0,i.mdx)("p",null,"Here is an example of a propagation:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public static String concat(String x, String y) {\n  return x + y;\n}\n")),(0,i.mdx)("p",null,"The return value of the method can be controlled by both parameters, hence it has the propagations ",(0,i.mdx)("inlineCode",{parentName:"p"},"Argument(0) -> Return")," and ",(0,i.mdx)("inlineCode",{parentName:"p"},"Argument(1) -> Return"),". The JSON model generator for this method could be:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class",\n      "name": "concat"\n    }\n  ],\n  "model": {\n    "propagation": [\n      {\n        "input": "Argument(0)",\n        "output": "Return"\n      },\n      {\n        "input": "Argument(1)",\n        "output": "Return"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("h3",{id:"features"},"Features"),(0,i.mdx)("p",null,"Features (also called ",(0,i.mdx)("strong",{parentName:"p"},"breadcrumbs"),") can be used to tag a flow and help filtering issues. A feature describes a property of a flow. A feature can be any arbitrary string."),(0,i.mdx)("p",null,"For instance, the feature ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-numerical-operator")," is used to describe that the data flows through a numerical operator such as an addition."),(0,i.mdx)("p",null,"Features are very useful to filter flows in the SAPP UI. E.g. flows with a cast from string to integer are can sometimes be less important during triaging since controlling an integer is more difficult to exploit than controlling a full string."),(0,i.mdx)("p",null,"Note that features ",(0,i.mdx)("strong",{parentName:"p"},"do not stop")," the flow, they just help triaging."),(0,i.mdx)("h4",{id:"attach-to-sources"},"Attach to Sources"),(0,i.mdx)("p",null,(0,i.mdx)("em",{parentName:"p"},"Attach to sources")," is used to add a set of ",(0,i.mdx)("a",{parentName:"p",href:"#features"},"features")," on any sources flowing out of a method through a given parameter or return value."),(0,i.mdx)("p",null,"For instance, if we want to add the feature ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-signed")," to all sources flowing out of the given method:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public String getSignedCookie();\n")),(0,i.mdx)("p",null,"We could use the following JSON model generator:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class",\n      "name": "getSignedCookie"\n    }\n  ],\n  "model": {\n    "attach_to_sources": [\n      {\n        "features": [\n          "via-signed"\n        ],\n        "port": "Return"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Note that this is only useful for sources inferred by the analysis. If you know that ",(0,i.mdx)("inlineCode",{parentName:"p"},"getSignedCookie")," returns a source of a given kind, you should use a source instead."),(0,i.mdx)("h4",{id:"attach-to-sinks"},"Attach to Sinks"),(0,i.mdx)("p",null,(0,i.mdx)("em",{parentName:"p"},"Attach to sinks")," is used to add a set of ",(0,i.mdx)("a",{parentName:"p",href:"#features"},"features")," on all sinks on the given parameter of a method."),(0,i.mdx)("p",null,"For instance, if we want to add the feature ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-user")," on all sinks of the given method:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"class User {\n  public static User findUser(String username) {\n    // The code here might use SQL, Thrift, or anything. We don't need to know.\n  }\n}\n")),(0,i.mdx)("p",null,"We could use the following JSON model generator:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/User",\n      "name": "findUser"\n    }\n  ],\n  "model": {\n    "attach_to_sinks": [\n      {\n        "features": [\n          "via-user"\n        ],\n        "port": "Argument(0)"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Note that this is only useful for sinks inferred by the analysis. If you know that ",(0,i.mdx)("inlineCode",{parentName:"p"},"findUser")," is a sink of a given kind, you should use a sink instead."),(0,i.mdx)("h4",{id:"attach-to-propagations"},"Attach to Propagations"),(0,i.mdx)("p",null,(0,i.mdx)("em",{parentName:"p"},"Attach to propagations")," is used to add a set of ",(0,i.mdx)("a",{parentName:"p",href:"#features"},"features")," on all propagations from or to a given parameter or return value of a method."),(0,i.mdx)("p",null,"For instance, if we want to add the feature ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-concat")," to the propagations of the given method:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public static String concat(String x, String y);\n")),(0,i.mdx)("p",null,"We could use the following JSON model generator:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class",\n      "name": "concat"\n    }\n  ],\n  "model": {\n    "attach_to_propagations": [\n      {\n        "features": [\n          "via-concat"\n        ],\n        "port": "Return" // We could also use Argument(0) and Argument(1)\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Note that this is only useful for propagations inferred by the analysis. If you know that ",(0,i.mdx)("inlineCode",{parentName:"p"},"concat")," has a propagation, you should model it as a propagation directly."),(0,i.mdx)("h4",{id:"add-features-to-arguments"},"Add Features to Arguments"),(0,i.mdx)("p",null,(0,i.mdx)("em",{parentName:"p"},"Add features to arguments")," is used to add a set of ",(0,i.mdx)("a",{parentName:"p",href:"#features"},"features")," on all sources that ",(0,i.mdx)("strong",{parentName:"p"},"might")," flow on a given parameter of a method."),(0,i.mdx)("p",null,(0,i.mdx)("em",{parentName:"p"},"Add features to arguments")," implies ",(0,i.mdx)("em",{parentName:"p"},"Attach to sources"),", ",(0,i.mdx)("em",{parentName:"p"},"Attach to sinks")," and ",(0,i.mdx)("em",{parentName:"p"},"Attach to propagations"),", but it also accounts for possible side effects at call sites."),(0,i.mdx)("p",null,"For instance:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},'public static void log(String message) {\n  System.out.println(message);\n}\npublic void buyView() {\n  String username = getParameter("username");\n  String product = getParameter("product");\n  log(username);\n  buy(username, product);\n}\n')),(0,i.mdx)("p",null,"Technically, the ",(0,i.mdx)("inlineCode",{parentName:"p"},"log")," method doesn't have any source, sink or propagation. We can use ",(0,i.mdx)("em",{parentName:"p"},"add features to arguments")," to add a feature ",(0,i.mdx)("inlineCode",{parentName:"p"},"was-logged")," on the flow from ",(0,i.mdx)("inlineCode",{parentName:"p"},'getParameter("username")')," to ",(0,i.mdx)("inlineCode",{parentName:"p"},"buy(username, product)"),". We could use the following JSON model generator for the ",(0,i.mdx)("inlineCode",{parentName:"p"},"log")," method:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class",\n      "name": "log"\n    }\n  ],\n  "model": {\n    "add_features_to_arguments": [\n      {\n        "features": [\n          "was-logged"\n        ],\n        "port": "Argument(0)"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("h4",{id:"via-type-features"},"Via-type Features"),(0,i.mdx)("p",null,(0,i.mdx)("em",{parentName:"p"},"Via-type")," features are used to keep track of the type of a callable\u2019s port seen at its callsites during taint flow analysis. They are specified in model generators within the \u201csources\u201d or \u201csinks\u201d field of a model with the \u201cvia_type_of\u201d field. It is mapped to a nonempty list of ports of the method for which we want to create via-type features."),(0,i.mdx)("p",null,"For example, if we were interested in the specific Activity subclasses with which the method below was called:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"\npublic void startActivityForResult(Intent intent, int requestCode);\n\n// At some callsite:\nActivitySubclass activitySubclassInstance;\nactivitySubclassInstance.startActivityForResult(intent, requestCode);\n\n")),(0,i.mdx)("p",null,"we could use the following JSON to specifiy a via-type feature that would materialize as ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-type:ActivitySubclass"),":"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class",\n      "name": "startActivityForResult"\n    }\n  ],\n  "model": {\n    "sinks": [\n      {\n        "port": "Argument(1)",\n        "kind": "SinkKind",\n        "via_type_of": [\n          "Argument(0)"\n        ]\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("h4",{id:"via-value-features"},"Via-value Features"),(0,i.mdx)("p",null,(0,i.mdx)("em",{parentName:"p"},"Via-value")," feature captures the value of the specified callable's port seen at its callsites during taint flow analysis. They are specified similar to ",(0,i.mdx)("inlineCode",{parentName:"p"},"Via-type"),' features -- in model generators within the "sources" or "sinks" field of a model with the "via_value_of" field. It is mapped to a nonempty list of ports of the method for which we want to create via-value features.'),(0,i.mdx)("p",null,"For example, if we were interested in the specific ",(0,i.mdx)("inlineCode",{parentName:"p"},"mode")," with which the method below was called:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},'public void log(String mode, String message);\n\nclass Constants {\n  public static final String MODE = "M1";\n}\n\n// At some callsite:\nlog(Constants.MODE, "error message");\n\n')),(0,i.mdx)("p",null,"we could use the following JSON to specifiy a via-value feature that would materialize as ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-value:M1"),":"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/Class",\n      "name": "log"\n    }\n  ],\n  "model": {\n    "sinks": [\n      {\n        "port": "Argument(1)",\n        "kind": "SinkKind",\n        "via_value_of": [\n          "Argument(0)"\n        ]\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Note that this only works for numeric and string literals. In cases where the argument is not a constant, the feature will appear as ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-value:unknown"),"."),(0,i.mdx)("h3",{id:"taint-broadening"},"Taint Broadening"),(0,i.mdx)("p",null,(0,i.mdx)("strong",{parentName:"p"},"Taint broadening")," (also called ",(0,i.mdx)("strong",{parentName:"p"},"collapsing"),") happens when Mariana Trench needs to make an approximation about a taint flow. It is the operation of reducing a ",(0,i.mdx)("strong",{parentName:"p"},"taint tree")," into a single element. A ",(0,i.mdx)("strong",{parentName:"p"},"taint tree")," is a tree where edges are field names and nodes are taint element. This is how Mariana Trench represents internally which fields (or sequence of fields) are tainted."),(0,i.mdx)("p",null,"For instance, analyzing the following code:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"MyClass var = new MyClass();\nvar.a = sourceX();\nvar.b.c = sourceY();\nvar.b.d = sourceZ();\n")),(0,i.mdx)("p",null,"The taint tree of variable ",(0,i.mdx)("inlineCode",{parentName:"p"},"var")," would be:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre"},"      .\n  a /   \\ b\n { X }    .\n       c / \\ d\n     { Y }  { Z }\n")),(0,i.mdx)("p",null,"After collapsing, the tree is reduced to a single node ",(0,i.mdx)("inlineCode",{parentName:"p"},"{ X, Y, Z }"),", which is less precise."),(0,i.mdx)("p",null,"In conclusion, taint broadening effectively leads to considering the whole object as tainted while only some specific fields were initially tainted. This might happen for the correctness of the analysis or for performance reasons."),(0,i.mdx)("p",null,"In the following sections, we will discuss when collapsing can happen. In most cases, a feature is automatically added on collapsed taint to help detect false positives."),(0,i.mdx)("h4",{id:"propagation-broadening"},"Propagation Broadening"),(0,i.mdx)("p",null,"Taint collapsing is applied when taint is propagated through a method."),(0,i.mdx)("p",null,"For instance:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"MyClass input = new MyClass();\ninput.a = SourceX();\nMyClass output = SomeClass.UnknownMethod(input);\nSink(output.b); // Considered an issue since `output` is considered tainted. This could be a False Negative without collapsing.\n")),(0,i.mdx)("p",null,"In that case, the ",(0,i.mdx)("a",{parentName:"p",href:"#feature"},"feature")," ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-propagation-broadening")," will be automatically added on the taint. This can help identify false positives."),(0,i.mdx)("p",null,"If you know that this method ",(0,i.mdx)("strong",{parentName:"p"},"preserves the structure")," of the parameter, you could specify a model and disable collapsing using the ",(0,i.mdx)("inlineCode",{parentName:"p"},"collapse")," attribute within a ",(0,i.mdx)("a",{parentName:"p",href:"#propagation"},(0,i.mdx)("inlineCode",{parentName:"a"},"propagation")),":"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": [\n    {\n      "constraint": "signature_match",\n      "parent": "Lcom/example/SomeClass",\n      "name": "UnknownMethod"\n    }\n  ],\n  "model": {\n    "propagation": [\n      {\n        "input": "Argument(0)",\n        "output": "Return",\n        "collapse": false\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Note that Mariana Trench can usually infer when a method propagates taint without collapsing it when it has access to the code of that method and subsequent calls. For instance:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public String identity(String x) {\n  // Automatically infers a propagation `Arg(0) -> Return` with `collapse=false`\n  return x;\n}\n")),(0,i.mdx)("h5",{id:"issue-broadening-feature"},"Issue Broadening Feature"),(0,i.mdx)("p",null,"The ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-issue-broadening")," feature is added to issues where the taint flowing into the sink was not held directly on the object passed in but on one of its fields. For example:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"Class input = new Class();\ninput.field = source();\nsink(input); // `input` is not tainted, but `input.field` is tainted and creates an issue\n")),(0,i.mdx)("h5",{id:"widen-broadening-feature"},"Widen Broadening Feature"),(0,i.mdx)("p",null,"For performance reasons, if a given taint tree becomes very large (either in depth or in number of nodes at a given level), Mariana Trench collapses the tree to a smaller size. In these cases, the ",(0,i.mdx)("inlineCode",{parentName:"p"},"via-widen-broadening")," feature is added to the collapsed taint"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"Class input = new Class();\nif (\\* condition *\\) {\n  input.field1 = source();\n  input.field2 = source();\n  ...\n} else {\n  input.fieldA = source();\n  input.fieldB = source();\n  ...\n}\nsink(input); // Too many fields are sources so the whole input object becomes tainted\n")),(0,i.mdx)("h3",{id:"sanitizers"},"Sanitizers"),(0,i.mdx)("p",null,"Specifying sanitizers on a model allow us to stop taint flowing through that method. In Mariana Trench, they can be one of three types -"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sources"),": prevent any taint sources from flowing out of the method"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sinks"),": prevent taint from reaching any sinks within the method"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"propagations"),": prevent propagations from being inferred between any two ports of the method.")),(0,i.mdx)("p",null,"These can be specified in model generators as follows -"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "methods",\n  "where": ...,\n  "model": {\n    "sanitizers": [\n      {\n        "sanitize": "sources"\n      },\n      {\n        "sanitize": "sinks"\n      },\n      {\n        "sanitize": "propagations"\n      }\n    ],\n    ...\n  }\n}\n')),(0,i.mdx)("p",null,"Note, if there are any user-specificed sources, sinks or propagations on the model, sanitizers will not affect them, but it will prevent them from being propagated outward to callsites."),(0,i.mdx)("h4",{id:"kind-specific-sanitizers"},"Kind-specific Sanitizers"),(0,i.mdx)("p",null,(0,i.mdx)("inlineCode",{parentName:"p"},"sources")," and ",(0,i.mdx)("inlineCode",{parentName:"p"},"sinks")," sanitizers may include a list of kinds (each with or without a partial_label) to restrict the sanitizer to only sanitizing taint of those kinds. (When unspecified, as in the example above, all taint is sanitized regardless of kind)."),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'"sanitizers": [\n  {\n    "sanitize": "sinks",\n    "kinds": [\n      {\n        "kind": "SinkKindA"\n      },\n      {\n        "kind": "SinkKindB",\n        "partial_label": "A"\n      }\n    ]\n  }\n]\n')),(0,i.mdx)("h4",{id:"port-specific-sanitizers"},"Port-specific Sanitizers"),(0,i.mdx)("p",null,"Sanitizers can also specify a specific port (",(0,i.mdx)("a",{parentName:"p",href:"/docs/models#access-path-format"},"access path")," root) they sanitize (ignoring all the rest). This field ",(0,i.mdx)("inlineCode",{parentName:"p"},"port")," has a slightly different meaning for each kind of sanitizer -"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sources"),": represents the output port through which sources may not leave the method"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sinks"),": represents the input port through which taint may not trigger any sinks within the model"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"propagations"),": represents the input port through which a propagation to any other port may not be inferred")),(0,i.mdx)("p",null,"For example if the following method"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public void someMethod(Object argument1, Object argument2) {\n  toSink(argument1);\n  toSink(argument2);\n}\n")),(0,i.mdx)("p",null,"had the following sanitizer in its model,"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'"sanitizers": [\n  {\n    "sanitize": "sinks",\n    "port": "Argument(1)"\n  }\n]\n')),(0,i.mdx)("p",null,"Then a source flowing into ",(0,i.mdx)("inlineCode",{parentName:"p"},"argument1")," would be able to cause an issue, but not a source flowing into ",(0,i.mdx)("inlineCode",{parentName:"p"},"argument2"),"."),(0,i.mdx)("p",null,"Kind and port specifications may be included in the same sanitizer."),(0,i.mdx)("h3",{id:"modes"},"Modes"),(0,i.mdx)("p",null,"Modes are used to describe specific behaviors of methods. Available modes are:"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"skip-analysis"),": skip the analysis of the method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"add-via-obscure-feature"),": add a feature/breadcrumb called ",(0,i.mdx)("inlineCode",{parentName:"li"},"via-obscure:<method>")," to sources flowing through this method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"taint-in-taint-out"),": propagate the taint on arguments to the return value;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"taint-in-taint-this"),": propagate the taint on arguments into the ",(0,i.mdx)("inlineCode",{parentName:"li"},"this")," parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"no-join-virtual-overrides"),": do not consider all possible overrides when handling a virtual call to this method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"no-collapse-on-propagation"),": do not collapse input paths when applying propagations;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"alias-memory-location-on-invoke"),": aliases existing memory location at the callsite instead of creating a new one;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"strong-write-on-propagation"),": performs a strong write from input path to the output path on propagation;")),(0,i.mdx)("h3",{id:"default-model"},"Default model"),(0,i.mdx)("p",null,"A default model is created for each method, except if it is provided by a model generator. The default model has a set of heuristics:"),(0,i.mdx)("p",null,"If the method has no source code, the model is automatically marked with the modes ",(0,i.mdx)("inlineCode",{parentName:"p"},"skip-analysis")," and ",(0,i.mdx)("inlineCode",{parentName:"p"},"add-via-obscure-feature"),"."),(0,i.mdx)("p",null,"If the method has more than 40 overrides, it is marked with the mode ",(0,i.mdx)("inlineCode",{parentName:"p"},"no-join-virtual-overrides"),"."),(0,i.mdx)("p",null,"Otherwise, the default model is empty (no sources/sinks/propagations)."),(0,i.mdx)("h3",{id:"field-models"},"Field Models"),(0,i.mdx)("p",null,"These models represent user-defined taint on class fields (as opposed to methods, as described in all the previous sections on this page). They are specified in a similar way to method models as described below."),(0,i.mdx)("blockquote",null,(0,i.mdx)("p",{parentName:"blockquote"},(0,i.mdx)("strong",{parentName:"p"},"NOTE:")," Field sources should not be applied to fields that are both final and of a primitive type (",(0,i.mdx)("inlineCode",{parentName:"p"},"int"),", ",(0,i.mdx)("inlineCode",{parentName:"p"},"char"),", ",(0,i.mdx)("inlineCode",{parentName:"p"},"float"),", etc as well as ",(0,i.mdx)("inlineCode",{parentName:"p"},"java.lang.String"),") as the Java compiler optimizes accesses of these fields in the bytecode into accesses of the constant value they hold. In this scenario, Mariana Trench has no way of recognizing that the constant was meant to carry a source.")),(0,i.mdx)("p",null,"Example field model generator for sources:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "fields",\n  "where": [\n    {\n      "constraint": "name",\n      "pattern": "SOURCE_EXAMPLE"\n    }\n  ],\n  "model": {\n    "sources" : [\n      {\n        "kind": "FieldSource"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Example code:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public class TestClass {\n  // Field that we know to be tainted\n  public Object SOURCE_EXAMPLE = ...;\n\n  void flow() {\n    sink(EXAMPLE, ...);\n  }\n}\n")),(0,i.mdx)("p",null,"Example field model generator for sinks:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "find": "fields",\n  "where": [\n    {\n      "constraint": "name",\n      "pattern": "SINK_EXAMPLE"\n    }\n  ],\n  "model": {\n    "sinks" : [\n      {\n        "kind": "FieldSink"\n      }\n    ]\n  }\n}\n')),(0,i.mdx)("p",null,"Example code:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},"public class TestClass {\n  public Object SINK_EXAMPLE = ...;\n\n  void flow() {\n    SINK_EXAMPLE = source();\n  }\n}\n")),(0,i.mdx)("p",null,"Field signature formats follow the Dalvik bytecode format similar to methods as discussed ",(0,i.mdx)("a",{parentName:"p",href:"#method-name-format"},"above"),". This is of the form ",(0,i.mdx)("inlineCode",{parentName:"p"},"<className>.<fieldName>:<fieldType>"),"."),(0,i.mdx)("h3",{id:"literal-models"},"Literal Models"),(0,i.mdx)("p",null,"Literal models represent user-defined taints on string literals matching configurable regular expressions. They can only be configured as sources and are intended to identify suspicious patterns, such as user-controlled data being concatenated with a string literal which looks like an SQL query."),(0,i.mdx)("blockquote",null,(0,i.mdx)("p",{parentName:"blockquote"},(0,i.mdx)("strong",{parentName:"p"},"NOTE:")," Each use of a literal in the analysed code which matches a pattern in a literal model will generate a new taint which needs to be explored by Mariana Trench. Using overly broad patterns like ",(0,i.mdx)("inlineCode",{parentName:"p"},".*")," should thus be avoided, as they can lead to poor performance and high memory usage.")),(0,i.mdx)("p",null,"Example literal models:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre"},'[\n  {\n    "pattern": "SELECT \\\\*.*",\n    "description": "Potential SQL Query",\n    "sources": [\n      {\n        "kind": "SqlQuery"\n      }\n    ]\n  },\n  {\n    "pattern": "AI[0-9A-Z]{16}",\n    "description": "Suspected Google API Key",\n    "sources": [\n      {\n        "kind": "GoogleAPIKey"\n      }\n    ]\n  }\n]\n')),(0,i.mdx)("p",null,"Example code:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-java"},'void testRegexSource() {\n  String prefix = "SELECT * FROM USERS WHERE id = ";\n  String aci = getAttackerControlledInput();\n  String query = prefix + aci; // Sink\n}\n\nvoid testRegexSourceGoogleApiKey() {\n  String secret = "AIABCD1234EFGH5678";\n  sink(secret);\n}\n')),(0,i.mdx)("h2",{id:"model-generators"},"Model Generators"),(0,i.mdx)("p",null,"Mariana Trench allows for dynamic model specifications. This allows a user to specify models of methods before running the analysis. This is used to specify sources, sinks, propagation and modes."),(0,i.mdx)("p",null,"Model generators are specified in a generator configuration file, specified by the ",(0,i.mdx)("inlineCode",{parentName:"p"},"--generator-configuration-path")," parameter. By default, we use ",(0,i.mdx)("a",{parentName:"p",href:"https://github.com/facebook/mariana-trench/blob/main/configuration/default_generator_config.json"},(0,i.mdx)("inlineCode",{parentName:"a"},"default_generator_config.json")),"."),(0,i.mdx)("h3",{id:"example"},"Example"),(0,i.mdx)("p",null,"Examples of model generators are located in the ",(0,i.mdx)("a",{parentName:"p",href:"https://github.com/facebook/mariana-trench/tree/main/configuration/model-generators"},(0,i.mdx)("inlineCode",{parentName:"a"},"configuration/model-generators"))," directory."),(0,i.mdx)("p",null,"Below is an example of a JSON model generator:"),(0,i.mdx)("pre",null,(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "model_generators": [\n    {\n      "find": "methods",\n      "where": [{"constraint": "name", "pattern": "toString"}],\n      "model": {\n        "propagation": [\n          {\n            "input": "Argument(0)",\n            "output": "Return"\n          }\n        ]\n      }\n    },\n    {\n      "find": "methods",\n      "where": [\n        {\n          "constraint": "parent",\n          "inner": {\n            "constraint": "extends",\n            "inner": {\n              "constraint": "name",\n              "pattern": "SandcastleCommand"\n            }\n          }\n        },\n        {"constraint": "name", "pattern": "Time"}\n      ],\n      "model": {\n        "sources": [\n          {\n            "kind": "Source",\n            "port": "Return"\n          }\n        ]\n      }\n    },\n    {\n      "find": "methods",\n      "where": [\n        {\n          "constraint": "parent",\n          "inner": {\n            "constraint": "extends",\n            "inner": {"constraint": "name", "pattern": "IEntWithPurposePolicy"}\n          }\n        },\n        {"constraint": "name", "pattern": "gen.*"},\n        {\n          "constraint": "parameter",\n          "idx": 0,\n          "inner": {\n            "constraint": "type",\n            "kind": "extends",\n            "class": "IViewerContext"\n          }\n        },\n        {\n          "constraint": "return",\n          "inner": {\n            "constraint": "extends",\n            "inner": {"constraint": "name", "pattern": "Ent"}\n          }\n        }\n      ],\n      "model": {\n        "modes": ["add-via-obscure-feature"],\n        "sinks": [\n          {\n            "kind": "Sink",\n            "port": "Argument(0)",\n            "features": ["via-gen"]\n          }\n        ]\n      }\n    }\n  ]\n}\n')),(0,i.mdx)("h3",{id:"specification"},"Specification"),(0,i.mdx)("p",null,"Each JSON file is a JSON object with a key ",(0,i.mdx)("inlineCode",{parentName:"p"},"model_generators"),' associated with a list of "rules".'),(0,i.mdx)("p",null,'Each "rule" defines a "filter" (which uses "constraints" to specify methods for which a "model" should be generated) and a "model". A rule has the following key/values:'),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("inlineCode",{parentName:"p"},"find"),": The type of thing to find. We support ",(0,i.mdx)("inlineCode",{parentName:"p"},"methods")," and ",(0,i.mdx)("inlineCode",{parentName:"p"},"fields"),";")),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("inlineCode",{parentName:"p"},"where"),': A list of "constraints". All constraints ',(0,i.mdx)("strong",{parentName:"p"},"must be satisfied")," by a method or field in order to generate a model for it. All the constraints are listed below, grouped by the type of object they are applied to:"),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"Method"),":"),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"signature_match"),": Expects at least one of the two allowed groups of extra properties: ",(0,i.mdx)("inlineCode",{parentName:"li"},"[name | names] [parent | parents | extends [include_self]]")," where:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"name")," (a single string) or ",(0,i.mdx)("inlineCode",{parentName:"li"},"names")," (a list of alternative strings): is exact matched to the method name"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"parent")," (a single string) or ",(0,i.mdx)("inlineCode",{parentName:"li"},"parents")," (a list of alternative strings) is exact matched to the class of the method or ",(0,i.mdx)("inlineCode",{parentName:"li"},"extends")," (either a single string or a list of alternative strings) is exact matched to the base classes or interfaces of the method. ",(0,i.mdx)("inlineCode",{parentName:"li"},"extends")," allows an optional property ",(0,i.mdx)("inlineCode",{parentName:"li"},"include_self")," which is a boolean to indicate if the constraint is applied to the class itself or not (defaults to ",(0,i.mdx)("inlineCode",{parentName:"li"},"true"),")."))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"signature | signature_pattern"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"pattern")," which is a regex to fully match the full signature (class, method, argument types) of a method;",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("strong",{parentName:"li"},"NOTE:")," Usage of this constraint is discouraged as it has poor performance. Try using ",(0,i.mdx)("inlineCode",{parentName:"li"},"signature_match")," instead!"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"parent"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Type]"," which contains a nested constraint to apply to the class holding the method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"parameter"),": Expects an extra properties ",(0,i.mdx)("inlineCode",{parentName:"li"},"idx")," and ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Parameter]"," or ","[Type]",", matches when the idx-th parameter of the function or method matches the nested constraint inner;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"any_parameter"),": Expects an optional extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"start_idx")," and ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Parameter]"," or ","[Type]",", matches when there is any parameters (starting at start_idx) of the function or method matches the nested constraint inner;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"return"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Type]"," which contains a nested constraint to apply to the return of the method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"is_static | is_constructor | is_native | has_code"),": Accepts an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"value")," which is either ",(0,i.mdx)("inlineCode",{parentName:"li"},"true")," or ",(0,i.mdx)("inlineCode",{parentName:"li"},"false"),". By default, ",(0,i.mdx)("inlineCode",{parentName:"li"},"value")," is considered ",(0,i.mdx)("inlineCode",{parentName:"li"},"true"),";"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"number_parameters"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Integer]"," which contains a nested constraint to apply to the number of parameters (counting the implicit ",(0,i.mdx)("inlineCode",{parentName:"li"},"this")," parameter);"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"number_overrides"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Integer]"," which contains a nested constraint to apply on the number of method overrides."))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"Parameter:")),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"parameter_has_annotation"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"type")," and an optional property ",(0,i.mdx)("inlineCode",{parentName:"li"},"pattern"),", respectively a string and a regex fully matching the value of the parameter annotation."))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"Type:")),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"extends"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Type]"," which contains a nested constraint that must apply to one of the base classes or itself. The optional property ",(0,i.mdx)("inlineCode",{parentName:"li"},"include_self")," is a boolean that tells whether the constraint must be applied on the type itself or not (defaults to ",(0,i.mdx)("inlineCode",{parentName:"li"},"true"),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"super"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Type]"," which contains a nested constraint that must apply on the direct superclass;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"is_class | is_interface"),": Accepts an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"value")," which is either ",(0,i.mdx)("inlineCode",{parentName:"li"},"true")," or ",(0,i.mdx)("inlineCode",{parentName:"li"},"false"),". By default, ",(0,i.mdx)("inlineCode",{parentName:"li"},"value")," is considered ",(0,i.mdx)("inlineCode",{parentName:"li"},"true"),";"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"Field"),":"),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"signature"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"pattern")," which is a regex to fully match the full signature of the field. This is of the form ",(0,i.mdx)("inlineCode",{parentName:"li"},"<className>.<fieldName>:<fieldType>"),";"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"parent"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Type]"," which contains a nested constraint to apply to the class holding the field;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"is_static"),": Accepts an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"value")," which is either ",(0,i.mdx)("inlineCode",{parentName:"li"},"true")," or ",(0,i.mdx)("inlineCode",{parentName:"li"},"false"),". By default, ",(0,i.mdx)("inlineCode",{parentName:"li"},"value")," is considered ",(0,i.mdx)("inlineCode",{parentName:"li"},"true"),";"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"Method, Type or Field:")),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"name"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"pattern")," which is a regex to fully match the name of the item;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"has_annotation"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"type")," and an optional property ",(0,i.mdx)("inlineCode",{parentName:"li"},"pattern"),", respectively a string and a regex fully matching the value of the annotation."),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"visibility"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"is")," which is either ",(0,i.mdx)("inlineCode",{parentName:"li"},"public"),", ",(0,i.mdx)("inlineCode",{parentName:"li"},"private")," or ",(0,i.mdx)("inlineCode",{parentName:"li"},"protected"),"; (Note this does not apply to ",(0,i.mdx)("inlineCode",{parentName:"li"},"Field"),")"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"Integer:")),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"< | <= | == | > | >= | !="),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"value")," which contains an integer that the input integer is compared with. The input is the left hand side."))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"Any (Method, Parameter, Type, Field or Integer):")),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"all_of"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inners")," ","[Any]"," which is an array holding nested constraints which must all apply;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"any_of"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inners")," ","[Any]"," which is an array holding nested constraints where one of them must apply;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"not"),": Expects an extra property ",(0,i.mdx)("inlineCode",{parentName:"li"},"inner")," ","[Any]"," which contains a nested constraint that should not apply. (Note this is not yet implemented for ",(0,i.mdx)("inlineCode",{parentName:"li"},"Field"),"s)"))))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("inlineCode",{parentName:"p"},"model"),": A model, describing sources/sinks/propagations/etc."),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"For method models")),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sources"),"*",": A list of sources, i.e a source flowing out of the method via return value or flowing in via an argument. A source has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"kind"),": The source name;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"port"),"*","*",": The source access path (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Return"')," or ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(1)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),"*",": A list of features/breadcrumbs names;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"via_type_of"),"*",": A list of ports;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sinks"),"*",": A list of sinks, i.e describing that a parameter of the method flows into a sink. A sink has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"kind"),": The sink name;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"port"),": The sink access path (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Return"')," or ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(1)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),"*",": A list of features/breadcrumbs names;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"via_type_of"),"*",": A list of ports;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"propagation"),"*",": A list of propagations (also called passthrough) that describe whether a taint on a parameter should result in a taint on the return value or another parameter. A propagation has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"input"),": The input access path (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(1)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"output"),": The output access path (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Return"')," or ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(2)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),"*",": A list of features/breadcrumbs names;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"attach_to_sources"),"*",": A list of attach-to-sources that describe that all sources flowing out of the method on the given parameter or return value must have the given features. An attach-to-source has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"port"),": The access path root (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Return"')," or ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(1)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),": A list of features/breadcrumb names;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"attach_to_sinks"),"*",": A list of attach-to-sinks that describe that all sources flowing in the method on the given parameter must have the given features. An attach-to-sink has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"port"),": The access path root (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(1)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),": A list of features/breadcrumb names;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"attach_to_propagations"),"*",": A list of attach-to-propagations that describe that inferred propagations of sources flowing in or out of a given parameter or return value must have the given features. An attach-to-propagation has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"port"),": The access path root (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Return"')," or ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(1)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),": A list of features/breadcrumb names;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"add_features_to_parameters"),"*",": A list of add-features-to-parameters that describe that flows that might flow on the given parameter must have the given features. An add-features-to-parameter has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"port"),": The access path root (e.g, ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Argument(1)"'),");"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),": A list of features/breadcrumb names;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"modes"),"*",": A list of mode names that describe specific behaviors of a method;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"for_all_parameters"),": Generate sources/sinks/propagations/attach",(0,i.mdx)("em",{parentName:"li"},"to"),"*"," for all parameters of a method that satisfy some constraints. It accepts the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"variable"),": A symbolic name for the parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"where"),": An optional list of ","[Parameter]"," or ","[Type]"," constraints on the parameter;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sources | sinks | propagation"),': Same as under "model", but we accept the variable name as a parameter number.'))))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("inlineCode",{parentName:"p"},"verbosity"),"*",": A logging level, to help debugging. 1 is the most verbose, 5 is the least. The default verbosity level is 5.")),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("p",{parentName:"li"},(0,i.mdx)("strong",{parentName:"p"},"For Field models")),(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sources"),"*",": A list of sources the field should hold. A source has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"kind"),": The source name;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),"*",": A list of features/breadcrumbs names;"))),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"sinks"),"*",": A list of sinks the field should hold. A sink has the following key/values:",(0,i.mdx)("ul",{parentName:"li"},(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"kind"),": The sink name;"),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"features"),"*",": A list of features/breadcrumds names;")))))))),(0,i.mdx)("p",null,"In the above bullets,"),(0,i.mdx)("ul",null,(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"*")," denotes optional key/value."),(0,i.mdx)("li",{parentName:"ul"},(0,i.mdx)("inlineCode",{parentName:"li"},"**")," denotes optional key/value. Default is ",(0,i.mdx)("inlineCode",{parentName:"li"},'"Return"'),".")),(0,i.mdx)("p",null,"Note, the implicit ",(0,i.mdx)("inlineCode",{parentName:"p"},"this")," parameter for methods has the parameter number 0."),(0,i.mdx)("h3",{id:"development"},"Development"),(0,i.mdx)("h4",{id:"when-sources-or-sinks-dont-appear-in-results"},"When Sources or Sinks don't appear in Results"),(0,i.mdx)("ol",null,(0,i.mdx)("li",{parentName:"ol"},(0,i.mdx)("p",{parentName:"li"},"This could be because your model generator did not find any method matching your query. You can use the ",(0,i.mdx)("inlineCode",{parentName:"p"},'"verbosity": 1')," option in your model generator to check if it matched any method. For instance:"),(0,i.mdx)("pre",{parentName:"li"},(0,i.mdx)("code",{parentName:"pre",className:"language-json"},'{\n  "model_generators": [\n    {\n      "find": "methods",\n      "where": /* ... */,\n      "model": {\n        /* ... */\n      },\n      "verbosity": 1\n    }\n  ]\n}\n')),(0,i.mdx)("p",{parentName:"li"},"When running mariana trench, this should print:"),(0,i.mdx)("pre",{parentName:"li"},(0,i.mdx)("code",{parentName:"pre"},"INFO Method `...` satisfies all constraints in json model generator ...\n"))),(0,i.mdx)("li",{parentName:"ol"},(0,i.mdx)("p",{parentName:"li"},"Make sure that your model generator is actually running. You can use the ",(0,i.mdx)("inlineCode",{parentName:"p"},"--verbosity 2")," option to check that. Make sure your model generator is specified in ",(0,i.mdx)("inlineCode",{parentName:"p"},"configuration/default_generator_config.json"),".")),(0,i.mdx)("li",{parentName:"ol"},(0,i.mdx)("p",{parentName:"li"},"You can also check the output models. Use ",(0,i.mdx)("inlineCode",{parentName:"p"},"grep SourceKind models@*")," to see if your source or sink kind exists. Use ",(0,i.mdx)("inlineCode",{parentName:"p"},"grep 'Lcom/example/<class-name>;.<method-name>:' models@*")," to see if a given method exists in the app."))),(0,i.mdx)(m,{mdxType:"FbModels"}))}c.isMDXComponent=!0}}]);
\ No newline at end of file
diff --git a/assets/js/runtime~main.4240a0ef.js b/assets/js/runtime~main.12fefa2a.js
similarity index 85%
rename from assets/js/runtime~main.4240a0ef.js
rename to assets/js/runtime~main.12fefa2a.js
index e7e535dc..4515853e 100644
--- a/assets/js/runtime~main.4240a0ef.js
+++ b/assets/js/runtime~main.12fefa2a.js
@@ -1 +1 @@
-(()=>{"use strict";var e,t,r,a,c,f={},d={};function o(e){var t=d[e];if(void 0!==t)return t.exports;var r=d[e]={id:e,loaded:!1,exports:{}};return f[e].call(r.exports,r,r.exports,o),r.loaded=!0,r.exports}o.m=f,o.c=d,e=[],o.O=(t,r,a,c)=>{if(!r){var f=1/0;for(b=0;b<e.length;b++){r=e[b][0],a=e[b][1],c=e[b][2];for(var d=!0,n=0;n<r.length;n++)(!1&c||f>=c)&&Object.keys(o.O).every((e=>o.O[e](r[n])))?r.splice(n--,1):(d=!1,c<f&&(f=c));if(d){e.splice(b--,1);var i=a();void 0!==i&&(t=i)}}return t}c=c||0;for(var b=e.length;b>0&&e[b-1][2]>c;b--)e[b]=e[b-1];e[b]=[r,a,c]},o.n=e=>{var t=e&&e.__esModule?()=>e.default:()=>e;return o.d(t,{a:t}),t},r=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,o.t=function(e,a){if(1&a&&(e=this(e)),8&a)return e;if("object"==typeof e&&e){if(4&a&&e.__esModule)return e;if(16&a&&"function"==typeof e.then)return e}var c=Object.create(null);o.r(c);var f={};t=t||[null,r({}),r([]),r(r)];for(var d=2&a&&e;"object"==typeof d&&!~t.indexOf(d);d=r(d))Object.getOwnPropertyNames(d).forEach((t=>f[t]=()=>e[t]));return f.default=()=>e,o.d(c,f),c},o.d=(e,t)=>{for(var r in t)o.o(t,r)&&!o.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:t[r]})},o.f={},o.e=e=>Promise.all(Object.keys(o.f).reduce(((t,r)=>(o.f[r](e,t),t)),[])),o.u=e=>"assets/js/"+({13:"01a85c17",42:"b27405df",48:"dc74e05e",53:"935f2afb",89:"a6aa9e1f",93:"123f1cf0",102:"1287daf0",103:"ccc49370",110:"66406991",133:"d6ed0749",178:"096bfee4",195:"c4f5d8e4",361:"143ae67f",434:"9c92d0fc",453:"30a24c52",477:"b2f554cd",485:"08379d6f",506:"f7096b83",512:"fdc007b8",514:"1be78505",533:"b2b675dd",535:"814f3328",608:"9e4087bc",610:"6875c492",633:"031793e1",648:"747cb41a",683:"068c57da",713:"a7023ddc",800:"208ad3c1",848:"a2d634e7",918:"17896441",949:"e013b240",959:"6eb23e6e"}[e]||e)+"."+{13:"e74cb76f",42:"392ad01a",48:"8af97fbe",53:"792c8ea3",89:"9d8e1dc6",93:"8c08c261",102:"24133656",103:"5cd26f2b",110:"f24f8aa5",133:"2129e329",178:"e16cdc43",195:"d9dc1603",361:"a5e062e2",434:"97cddd67",453:"857ada13",477:"6c544c1e",485:"24180917",506:"12141996",512:"b88c52f2",514:"1ad936f6",533:"37b72b08",535:"7b549cba",608:"370d1eb5",610:"3838b8d3",633:"d46437ba",648:"c3d27131",683:"13450460",713:"be55e6f4",800:"4431c552",848:"f1914ba1",887:"c5736f9a",918:"a29b3b89",949:"49992f75",959:"5251cbb0",972:"b8d9e251"}[e]+".js",o.miniCssF=e=>{},o.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),o.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),a={},c="website:",o.l=(e,t,r,f)=>{if(a[e])a[e].push(t);else{var d,n;if(void 0!==r)for(var i=document.getElementsByTagName("script"),b=0;b<i.length;b++){var l=i[b];if(l.getAttribute("src")==e||l.getAttribute("data-webpack")==c+r){d=l;break}}d||(n=!0,(d=document.createElement("script")).charset="utf-8",d.timeout=120,o.nc&&d.setAttribute("nonce",o.nc),d.setAttribute("data-webpack",c+r),d.src=e),a[e]=[t];var u=(t,r)=>{d.onerror=d.onload=null,clearTimeout(s);var c=a[e];if(delete a[e],d.parentNode&&d.parentNode.removeChild(d),c&&c.forEach((e=>e(r))),t)return t(r)},s=setTimeout(u.bind(null,void 0,{type:"timeout",target:d}),12e4);d.onerror=u.bind(null,d.onerror),d.onload=u.bind(null,d.onload),n&&document.head.appendChild(d)}},o.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.nmd=e=>(e.paths=[],e.children||(e.children=[]),e),o.p="/",o.gca=function(e){return e={17896441:"918",66406991:"110","01a85c17":"13",b27405df:"42",dc74e05e:"48","935f2afb":"53",a6aa9e1f:"89","123f1cf0":"93","1287daf0":"102",ccc49370:"103",d6ed0749:"133","096bfee4":"178",c4f5d8e4:"195","143ae67f":"361","9c92d0fc":"434","30a24c52":"453",b2f554cd:"477","08379d6f":"485",f7096b83:"506",fdc007b8:"512","1be78505":"514",b2b675dd:"533","814f3328":"535","9e4087bc":"608","6875c492":"610","031793e1":"633","747cb41a":"648","068c57da":"683",a7023ddc:"713","208ad3c1":"800",a2d634e7:"848",e013b240:"949","6eb23e6e":"959"}[e]||e,o.p+o.u(e)},(()=>{var e={303:0,532:0};o.f.j=(t,r)=>{var a=o.o(e,t)?e[t]:void 0;if(0!==a)if(a)r.push(a[2]);else if(/^(303|532)$/.test(t))e[t]=0;else{var c=new Promise(((r,c)=>a=e[t]=[r,c]));r.push(a[2]=c);var f=o.p+o.u(t),d=new Error;o.l(f,(r=>{if(o.o(e,t)&&(0!==(a=e[t])&&(e[t]=void 0),a)){var c=r&&("load"===r.type?"missing":r.type),f=r&&r.target&&r.target.src;d.message="Loading chunk "+t+" failed.\n("+c+": "+f+")",d.name="ChunkLoadError",d.type=c,d.request=f,a[1](d)}}),"chunk-"+t,t)}},o.O.j=t=>0===e[t];var t=(t,r)=>{var a,c,f=r[0],d=r[1],n=r[2],i=0;if(f.some((t=>0!==e[t]))){for(a in d)o.o(d,a)&&(o.m[a]=d[a]);if(n)var b=n(o)}for(t&&t(r);i<f.length;i++)c=f[i],o.o(e,c)&&e[c]&&e[c][0](),e[c]=0;return o.O(b)},r=self.webpackChunkwebsite=self.webpackChunkwebsite||[];r.forEach(t.bind(null,0)),r.push=t.bind(null,r.push.bind(r))})()})();
\ No newline at end of file
+(()=>{"use strict";var e,t,r,a,c,f={},d={};function o(e){var t=d[e];if(void 0!==t)return t.exports;var r=d[e]={id:e,loaded:!1,exports:{}};return f[e].call(r.exports,r,r.exports,o),r.loaded=!0,r.exports}o.m=f,o.c=d,e=[],o.O=(t,r,a,c)=>{if(!r){var f=1/0;for(i=0;i<e.length;i++){r=e[i][0],a=e[i][1],c=e[i][2];for(var d=!0,n=0;n<r.length;n++)(!1&c||f>=c)&&Object.keys(o.O).every((e=>o.O[e](r[n])))?r.splice(n--,1):(d=!1,c<f&&(f=c));if(d){e.splice(i--,1);var b=a();void 0!==b&&(t=b)}}return t}c=c||0;for(var i=e.length;i>0&&e[i-1][2]>c;i--)e[i]=e[i-1];e[i]=[r,a,c]},o.n=e=>{var t=e&&e.__esModule?()=>e.default:()=>e;return o.d(t,{a:t}),t},r=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,o.t=function(e,a){if(1&a&&(e=this(e)),8&a)return e;if("object"==typeof e&&e){if(4&a&&e.__esModule)return e;if(16&a&&"function"==typeof e.then)return e}var c=Object.create(null);o.r(c);var f={};t=t||[null,r({}),r([]),r(r)];for(var d=2&a&&e;"object"==typeof d&&!~t.indexOf(d);d=r(d))Object.getOwnPropertyNames(d).forEach((t=>f[t]=()=>e[t]));return f.default=()=>e,o.d(c,f),c},o.d=(e,t)=>{for(var r in t)o.o(t,r)&&!o.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:t[r]})},o.f={},o.e=e=>Promise.all(Object.keys(o.f).reduce(((t,r)=>(o.f[r](e,t),t)),[])),o.u=e=>"assets/js/"+({13:"01a85c17",42:"b27405df",48:"dc74e05e",53:"935f2afb",89:"a6aa9e1f",93:"123f1cf0",102:"1287daf0",103:"ccc49370",110:"66406991",133:"d6ed0749",178:"096bfee4",195:"c4f5d8e4",361:"143ae67f",434:"9c92d0fc",453:"30a24c52",477:"b2f554cd",485:"08379d6f",506:"f7096b83",512:"fdc007b8",514:"1be78505",533:"b2b675dd",535:"814f3328",608:"9e4087bc",610:"6875c492",633:"031793e1",648:"747cb41a",683:"068c57da",713:"a7023ddc",800:"208ad3c1",848:"a2d634e7",918:"17896441",949:"e013b240",959:"6eb23e6e"}[e]||e)+"."+{13:"e74cb76f",42:"392ad01a",48:"8af97fbe",53:"792c8ea3",89:"9d8e1dc6",93:"8c08c261",102:"24133656",103:"5cd26f2b",110:"f24f8aa5",133:"f1f4c22d",178:"e16cdc43",195:"d9dc1603",361:"a5e062e2",434:"97cddd67",453:"857ada13",477:"6c544c1e",485:"24180917",506:"12141996",512:"b88c52f2",514:"1ad936f6",533:"37b72b08",535:"7b549cba",608:"370d1eb5",610:"3838b8d3",633:"d46437ba",648:"c3d27131",683:"13450460",713:"be55e6f4",800:"4431c552",848:"f1914ba1",887:"c5736f9a",918:"a29b3b89",949:"49992f75",959:"5251cbb0",972:"b8d9e251"}[e]+".js",o.miniCssF=e=>{},o.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),o.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),a={},c="website:",o.l=(e,t,r,f)=>{if(a[e])a[e].push(t);else{var d,n;if(void 0!==r)for(var b=document.getElementsByTagName("script"),i=0;i<b.length;i++){var l=b[i];if(l.getAttribute("src")==e||l.getAttribute("data-webpack")==c+r){d=l;break}}d||(n=!0,(d=document.createElement("script")).charset="utf-8",d.timeout=120,o.nc&&d.setAttribute("nonce",o.nc),d.setAttribute("data-webpack",c+r),d.src=e),a[e]=[t];var u=(t,r)=>{d.onerror=d.onload=null,clearTimeout(s);var c=a[e];if(delete a[e],d.parentNode&&d.parentNode.removeChild(d),c&&c.forEach((e=>e(r))),t)return t(r)},s=setTimeout(u.bind(null,void 0,{type:"timeout",target:d}),12e4);d.onerror=u.bind(null,d.onerror),d.onload=u.bind(null,d.onload),n&&document.head.appendChild(d)}},o.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.nmd=e=>(e.paths=[],e.children||(e.children=[]),e),o.p="/",o.gca=function(e){return e={17896441:"918",66406991:"110","01a85c17":"13",b27405df:"42",dc74e05e:"48","935f2afb":"53",a6aa9e1f:"89","123f1cf0":"93","1287daf0":"102",ccc49370:"103",d6ed0749:"133","096bfee4":"178",c4f5d8e4:"195","143ae67f":"361","9c92d0fc":"434","30a24c52":"453",b2f554cd:"477","08379d6f":"485",f7096b83:"506",fdc007b8:"512","1be78505":"514",b2b675dd:"533","814f3328":"535","9e4087bc":"608","6875c492":"610","031793e1":"633","747cb41a":"648","068c57da":"683",a7023ddc:"713","208ad3c1":"800",a2d634e7:"848",e013b240:"949","6eb23e6e":"959"}[e]||e,o.p+o.u(e)},(()=>{var e={303:0,532:0};o.f.j=(t,r)=>{var a=o.o(e,t)?e[t]:void 0;if(0!==a)if(a)r.push(a[2]);else if(/^(303|532)$/.test(t))e[t]=0;else{var c=new Promise(((r,c)=>a=e[t]=[r,c]));r.push(a[2]=c);var f=o.p+o.u(t),d=new Error;o.l(f,(r=>{if(o.o(e,t)&&(0!==(a=e[t])&&(e[t]=void 0),a)){var c=r&&("load"===r.type?"missing":r.type),f=r&&r.target&&r.target.src;d.message="Loading chunk "+t+" failed.\n("+c+": "+f+")",d.name="ChunkLoadError",d.type=c,d.request=f,a[1](d)}}),"chunk-"+t,t)}},o.O.j=t=>0===e[t];var t=(t,r)=>{var a,c,f=r[0],d=r[1],n=r[2],b=0;if(f.some((t=>0!==e[t]))){for(a in d)o.o(d,a)&&(o.m[a]=d[a]);if(n)var i=n(o)}for(t&&t(r);b<f.length;b++)c=f[b],o.o(e,c)&&e[c]&&e[c][0](),e[c]=0;return o.O(i)},r=self.webpackChunkwebsite=self.webpackChunkwebsite||[];r.forEach(t.bind(null,0)),r.push=t.bind(null,r.push.bind(r))})()})();
\ No newline at end of file
diff --git a/blog/archive/index.html b/blog/archive/index.html
index b9d5956e..fa3674c9 100644
--- a/blog/archive/index.html
+++ b/blog/archive/index.html
@@ -5,14 +5,14 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Archive | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/blog/archive/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docusaurus_tag" content="default"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docsearch:docusaurus_tag" content="default"><meta data-rh="true" property="og:title" content="Archive | Mariana Trench"><meta data-rh="true" name="description" content="Archive"><meta data-rh="true" property="og:description" content="Archive"><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/blog/archive/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/blog/archive/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/blog/archive/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a class="navbar__item navbar__link" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0"><header class="hero hero--primary"><div class="container"><h1 class="hero__title">Archive</h1><p class="hero__subtitle">Archive</p></div></header><main><section class="margin-vert--lg"><div class="container"><div class="row"><div class="col col--4 margin-vert--lg"><h3>2020</h3><ul><li><a href="/blog/welcome/">January 27, 2020<!-- --> - <!-- -->Welcome</a></li></ul></div></div></div></section></main></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/blog/index.html b/blog/index.html
index 3f91e84b..b375af06 100644
--- a/blog/index.html
+++ b/blog/index.html
@@ -5,14 +5,14 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Blog | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/blog/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" property="og:title" content="Blog | Mariana Trench"><meta data-rh="true" name="description" content="Blog"><meta data-rh="true" property="og:description" content="Blog"><meta data-rh="true" name="docusaurus_tag" content="blog_posts_list"><meta data-rh="true" name="docsearch:docusaurus_tag" content="blog_posts_list"><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/blog/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/blog/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/blog/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a class="navbar__item navbar__link" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0"><div class="container margin-vert--lg"><div class="row"><aside class="col col--3"><nav class="sidebar_re4s thin-scrollbar" aria-label="Blog recent posts navigation"><div class="sidebarItemTitle_pO2u margin-bottom--md">Recent posts</div><ul class="sidebarItemList_Yudw clean-list"><li class="sidebarItem__DBe"><a class="sidebarItemLink_mo7H" href="/blog/welcome/">Welcome</a></li></ul></nav></aside><main class="col col--7" itemscope="" itemtype="http://schema.org/Blog"><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/welcome/">Welcome</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2020-01-27T00:00:00.000Z" itemprop="datePublished">January 27, 2020</time> · <!-- -->One min read</div><div class="margin-top--md margin-bottom--sm row"><div class="col col--6 authorCol_Hf19"><div class="avatar margin-bottom--sm"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="avatar__photo-link"><img class="avatar__photo" src="https://avatars.githubusercontent.com/u/19538647?v=4" alt="Mariana Trench Team"></a><div class="avatar__intro" itemprop="author" itemscope="" itemtype="https://schema.org/Person"><div class="avatar__name"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" itemprop="url"><span itemprop="name">Mariana Trench Team</span></a></div><small class="avatar__subtitle" itemprop="description">Mariana Trench Team</small></div></div></div></div></header><div class="markdown" itemprop="articleBody"><p>First post</p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/facebook/">facebook</a></li><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/hello/">hello</a></li></ul></div></footer></article><nav class="pagination-nav" aria-label="Blog list page navigation"></nav></main></div></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/blog/tags/facebook/index.html b/blog/tags/facebook/index.html
index 52a768d0..fc0972b6 100644
--- a/blog/tags/facebook/index.html
+++ b/blog/tags/facebook/index.html
@@ -5,14 +5,14 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">One post tagged with &quot;facebook&quot; | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/blog/tags/facebook/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" property="og:title" content="One post tagged with &quot;facebook&quot; | Mariana Trench"><meta data-rh="true" name="docusaurus_tag" content="blog_tags_posts"><meta data-rh="true" name="docsearch:docusaurus_tag" content="blog_tags_posts"><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/blog/tags/facebook/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/blog/tags/facebook/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/blog/tags/facebook/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a class="navbar__item navbar__link" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0"><div class="container margin-vert--lg"><div class="row"><aside class="col col--3"><nav class="sidebar_re4s thin-scrollbar" aria-label="Blog recent posts navigation"><div class="sidebarItemTitle_pO2u margin-bottom--md">Recent posts</div><ul class="sidebarItemList_Yudw clean-list"><li class="sidebarItem__DBe"><a class="sidebarItemLink_mo7H" href="/blog/welcome/">Welcome</a></li></ul></nav></aside><main class="col col--7" itemscope="" itemtype="http://schema.org/Blog"><header class="margin-bottom--xl"><h1>One post tagged with &quot;facebook&quot;</h1><a href="/blog/tags/">View All Tags</a></header><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/welcome/">Welcome</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2020-01-27T00:00:00.000Z" itemprop="datePublished">January 27, 2020</time> · <!-- -->One min read</div><div class="margin-top--md margin-bottom--sm row"><div class="col col--6 authorCol_Hf19"><div class="avatar margin-bottom--sm"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="avatar__photo-link"><img class="avatar__photo" src="https://avatars.githubusercontent.com/u/19538647?v=4" alt="Mariana Trench Team"></a><div class="avatar__intro" itemprop="author" itemscope="" itemtype="https://schema.org/Person"><div class="avatar__name"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" itemprop="url"><span itemprop="name">Mariana Trench Team</span></a></div><small class="avatar__subtitle" itemprop="description">Mariana Trench Team</small></div></div></div></div></header><div class="markdown" itemprop="articleBody"><p>First post</p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/facebook/">facebook</a></li><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/hello/">hello</a></li></ul></div></footer></article><nav class="pagination-nav" aria-label="Blog list page navigation"></nav></main></div></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/blog/tags/hello/index.html b/blog/tags/hello/index.html
index d9598d3f..e78a7262 100644
--- a/blog/tags/hello/index.html
+++ b/blog/tags/hello/index.html
@@ -5,14 +5,14 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">One post tagged with &quot;hello&quot; | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/blog/tags/hello/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" property="og:title" content="One post tagged with &quot;hello&quot; | Mariana Trench"><meta data-rh="true" name="docusaurus_tag" content="blog_tags_posts"><meta data-rh="true" name="docsearch:docusaurus_tag" content="blog_tags_posts"><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/blog/tags/hello/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/blog/tags/hello/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/blog/tags/hello/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a class="navbar__item navbar__link" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0"><div class="container margin-vert--lg"><div class="row"><aside class="col col--3"><nav class="sidebar_re4s thin-scrollbar" aria-label="Blog recent posts navigation"><div class="sidebarItemTitle_pO2u margin-bottom--md">Recent posts</div><ul class="sidebarItemList_Yudw clean-list"><li class="sidebarItem__DBe"><a class="sidebarItemLink_mo7H" href="/blog/welcome/">Welcome</a></li></ul></nav></aside><main class="col col--7" itemscope="" itemtype="http://schema.org/Blog"><header class="margin-bottom--xl"><h1>One post tagged with &quot;hello&quot;</h1><a href="/blog/tags/">View All Tags</a></header><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/welcome/">Welcome</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2020-01-27T00:00:00.000Z" itemprop="datePublished">January 27, 2020</time> · <!-- -->One min read</div><div class="margin-top--md margin-bottom--sm row"><div class="col col--6 authorCol_Hf19"><div class="avatar margin-bottom--sm"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="avatar__photo-link"><img class="avatar__photo" src="https://avatars.githubusercontent.com/u/19538647?v=4" alt="Mariana Trench Team"></a><div class="avatar__intro" itemprop="author" itemscope="" itemtype="https://schema.org/Person"><div class="avatar__name"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" itemprop="url"><span itemprop="name">Mariana Trench Team</span></a></div><small class="avatar__subtitle" itemprop="description">Mariana Trench Team</small></div></div></div></div></header><div class="markdown" itemprop="articleBody"><p>First post</p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/facebook/">facebook</a></li><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/hello/">hello</a></li></ul></div></footer></article><nav class="pagination-nav" aria-label="Blog list page navigation"></nav></main></div></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/blog/tags/index.html b/blog/tags/index.html
index 11756b05..9f597224 100644
--- a/blog/tags/index.html
+++ b/blog/tags/index.html
@@ -5,14 +5,14 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Tags | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/blog/tags/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" property="og:title" content="Tags | Mariana Trench"><meta data-rh="true" name="docusaurus_tag" content="blog_tags_list"><meta data-rh="true" name="docsearch:docusaurus_tag" content="blog_tags_list"><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/blog/tags/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/blog/tags/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/blog/tags/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a class="navbar__item navbar__link" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0"><div class="container margin-vert--lg"><div class="row"><aside class="col col--3"><nav class="sidebar_re4s thin-scrollbar" aria-label="Blog recent posts navigation"><div class="sidebarItemTitle_pO2u margin-bottom--md">Recent posts</div><ul class="sidebarItemList_Yudw clean-list"><li class="sidebarItem__DBe"><a class="sidebarItemLink_mo7H" href="/blog/welcome/">Welcome</a></li></ul></nav></aside><main class="col col--7" itemscope="" itemtype="http://schema.org/Blog"><h1>Tags</h1><section class="margin-vert--lg"><article><h2>F</h2><ul class="padding--none"><li class="tag_Nnez"><a class="tag_zVej tagWithCount_h2kH" href="/blog/tags/facebook/">facebook<span>1</span></a></li></ul><hr></article><article><h2>H</h2><ul class="padding--none"><li class="tag_Nnez"><a class="tag_zVej tagWithCount_h2kH" href="/blog/tags/hello/">hello<span>1</span></a></li></ul><hr></article></section></main></div></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/blog/welcome/index.html b/blog/welcome/index.html
index e60b1791..4db5097d 100644
--- a/blog/welcome/index.html
+++ b/blog/welcome/index.html
@@ -5,14 +5,14 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Welcome | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/blog/welcome/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docusaurus_tag" content="default"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docsearch:docusaurus_tag" content="default"><meta data-rh="true" property="og:title" content="Welcome | Mariana Trench"><meta data-rh="true" name="description" content="First post"><meta data-rh="true" property="og:description" content="First post"><meta data-rh="true" property="og:type" content="article"><meta data-rh="true" property="article:published_time" content="2020-01-27T00:00:00.000Z"><meta data-rh="true" property="article:author" content="https://github.com/facebook/mariana-trench"><meta data-rh="true" property="article:tag" content="facebook,hello"><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/blog/welcome/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/blog/welcome/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/blog/welcome/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a class="navbar__item navbar__link" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0"><div class="container margin-vert--lg"><div class="row"><aside class="col col--3"><nav class="sidebar_re4s thin-scrollbar" aria-label="Blog recent posts navigation"><div class="sidebarItemTitle_pO2u margin-bottom--md">Recent posts</div><ul class="sidebarItemList_Yudw clean-list"><li class="sidebarItem__DBe"><a aria-current="page" class="sidebarItemLink_mo7H sidebarItemLinkActive_I1ZP" href="/blog/welcome/">Welcome</a></li></ul></nav></aside><main class="col col--7" itemscope="" itemtype="http://schema.org/Blog"><article itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><header><h1 class="title_f1Hy" itemprop="headline">Welcome</h1><div class="container_mt6G margin-vert--md"><time datetime="2020-01-27T00:00:00.000Z" itemprop="datePublished">January 27, 2020</time> · <!-- -->One min read</div><div class="margin-top--md margin-bottom--sm row"><div class="col col--6 authorCol_Hf19"><div class="avatar margin-bottom--sm"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="avatar__photo-link"><img class="avatar__photo" src="https://avatars.githubusercontent.com/u/19538647?v=4" alt="Mariana Trench Team"></a><div class="avatar__intro" itemprop="author" itemscope="" itemtype="https://schema.org/Person"><div class="avatar__name"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" itemprop="url"><span itemprop="name">Mariana Trench Team</span></a></div><small class="avatar__subtitle" itemprop="description">Mariana Trench Team</small></div></div></div></div></header><div id="post-content" class="markdown" itemprop="articleBody"><p>First post</p></div><footer class="row docusaurus-mt-lg blogPostFooterDetailsFull_mRVl"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/facebook/">facebook</a></li><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/hello/">hello</a></li></ul></div></footer></article></main></div></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/docs/configuration/index.html b/docs/configuration/index.html
index b8386cd2..f34b502a 100644
--- a/docs/configuration/index.html
+++ b/docs/configuration/index.html
@@ -5,14 +5,14 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Configuration | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/docs/configuration/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Configuration | Mariana Trench"><meta data-rh="true" name="description" content="Mariana Trench is highly configurable and we recommend that you invest time into adjusting the tool to your specific use cases. At Facebook, we have dedicated security engineers that will spend a significant amount of their time adding new rules and model generators to improve the analysis results."><meta data-rh="true" property="og:description" content="Mariana Trench is highly configurable and we recommend that you invest time into adjusting the tool to your specific use cases. At Facebook, we have dedicated security engineers that will spend a significant amount of their time adding new rules and model generators to improve the analysis results."><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/docs/configuration/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/configuration/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/configuration/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebar_njMd"><nav class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/docs/overview/">User Guide</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/overview/">Overview</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/getting-started/">Getting Started</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/configuration/">Configuration</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/customize-sources-and-sinks/">Customize Sources and Sinks</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/rules/">Rules</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/models/">Models &amp; Model Generators</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/shims/">Shims</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/feature-descriptions/">Feature Glossary</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/known-false-negatives/">Known False Negatives</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/contribution/">Developer Guide</a></div></li></ul></nav></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_OVgt"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">User Guide</span><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Configuration</span><meta itemprop="position" content="2"></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Configuration</h1></header><p>Mariana Trench is highly configurable and we recommend that you invest time into adjusting the tool to your specific use cases. At Facebook, we have dedicated security engineers that will spend a significant amount of their time adding new rules and model generators to improve the analysis results.</p><p>This page will cover the more important, non-trivial configuration options. Note that you will spend most of your time configuring Mariana Trench writing model generators. These are covered in the <a href="/docs/models/">next section</a>.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="command-line-options">Command Line Options<a class="hash-link" href="#command-line-options" title="Direct link to heading">​</a></h2><p>You can get a full set of options by running <code>mariana-trench --help</code>. The following is an abbreviated version of the output.</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">$ mariana-trench --help</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">Target arguments:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  --apk-path APK_PATH   The APK to analyze.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">Output arguments:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  --output-directory OUTPUT_DIRECTORY</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">                        The directory to store results in.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">Configuration arguments:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  --system-jar-configuration-path SYSTEM_JAR_CONFIGURATION_PATH</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">                        A JSON configuration </span><span class="token function" style="color:rgb(130, 170, 255)">file</span><span class="token plain"> with a list of paths to the system jars.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  --rules-paths RULES_PATHS</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">                        A </span><span class="token variable" style="color:rgb(191, 199, 213)">`</span><span class="token variable punctuation" style="color:rgb(199, 146, 234)">;</span><span class="token variable" style="color:rgb(191, 199, 213)">`</span><span class="token plain">-separated list of rules files and directories containing rules files.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  --repository-root-directory REPOSITORY_ROOT_DIRECTORY</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">                        The root of the repository. Resulting paths will be relative to this.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  --source-root-directory SOURCE_ROOT_DIRECTORY</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">                        The root where </span><span class="token builtin class-name" style="color:rgb(255, 203, 107)">source</span><span class="token plain"> files </span><span class="token keyword" style="font-style:italic">for</span><span class="token plain"> the APK can be found.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  --model-generator-configuration-paths MODEL_GENERATOR_CONFIGURATION_PATHS</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">                        A </span><span class="token variable" style="color:rgb(191, 199, 213)">`</span><span class="token variable punctuation" style="color:rgb(199, 146, 234)">;</span><span class="token variable" style="color:rgb(191, 199, 213)">`</span><span class="token plain">-separated list of paths specifying JSON configuration files. Each </span><span class="token function" style="color:rgb(130, 170, 255)">file</span><span class="token plain"> is a list of paths to JSON model generators relative to the</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">                        configuration </span><span class="token function" style="color:rgb(130, 170, 255)">file</span><span class="token plain"> or names of CPP model generators.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  --model-generator-search-paths MODEL_GENERATOR_SEARCH_PATHS</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">                        A </span><span class="token variable" style="color:rgb(191, 199, 213)">`</span><span class="token variable punctuation" style="color:rgb(199, 146, 234)">;</span><span class="token variable" style="color:rgb(191, 199, 213)">`</span><span class="token plain">-separated list of paths where we </span><span class="token function" style="color:rgb(130, 170, 255)">look</span><span class="token plain"> up JSON model generators.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  --maximum-source-sink-distance MAXIMUM_SOURCE_SINK_DISTANCE</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">                        Limits the distance of sources and sinks from a trace entry point.</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h4 class="anchor anchorWithStickyNavbar_LWe7" id="--apk-path"><code>--apk-path</code><a class="hash-link" href="#--apk-path" title="Direct link to heading">​</a></h4><p>Mariana Trench analyzes Dalvik bytecode. You provide it with the android app (APK) to analyze.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="--output-directory-output_directory"><code>--output-directory OUTPUT_DIRECTORY</code><a class="hash-link" href="#--output-directory-output_directory" title="Direct link to heading">​</a></h4><p>The output of the analysis is a file containing metadata about the particular run in JSON format as well as sharded files containing data flow specifications for every method in the APK. These files need to be processed by SAPP (see <a href="/docs/getting-started/">Getting Started</a>) after the analysis. The flag specifies where these files are saved.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="--system-jar-configuration-path-system_jar_configuration_path"><code>--system-jar-configuration-path SYSTEM_JAR_CONFIGURATION_PATH</code><a class="hash-link" href="#--system-jar-configuration-path-system_jar_configuration_path" title="Direct link to heading">​</a></h4><p>This path points to a json file containing a list of <code>.jar</code> files that the analysis should include in the analysis. It&#x27;s important that this contains at least the <code>android.jar</code> on your system. This file is typically located in your android SDK distribution at <code>$ANDROID_SDK/platforms/android-30/android.jar</code>. Without the <code>android.jar</code>, Mariana Trench will not know about many methods from the standard library that might be important for your model generators.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="--rules-paths-rules_paths"><code>--rules-paths RULES_PATHS</code><a class="hash-link" href="#--rules-paths-rules_paths" title="Direct link to heading">​</a></h4><p>A <code>;</code> separated search path pointing to files and directories containing rules files. These files specify what taint flows Mariana Trench should look for. Check out the <a href="https://github.com/facebook/mariana-trench/blob/main/configuration/rules.json#L2-L13" target="_blank" rel="noopener noreferrer"><code>rules.json</code></a> that&#x27;s provided by default. It specifies that we want to find flows from user controlled input (<code>ActivityUserInput</code>) into <code>CodeExecution</code> sinks and that this constitutes a remote code execution.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="--source-root-directory-source_root_directory"><code>--source-root-directory SOURCE_ROOT_DIRECTORY</code><a class="hash-link" href="#--source-root-directory-source_root_directory" title="Direct link to heading">​</a></h4><p>Mariana Trench will do a source indexing path before the analysis. This is because Dalvik/Java bytecode does not contain complete location information, only filenames (not paths) and line numbers. The index is later used to emit precise locations.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="--model-generator-configuration-paths-model_generator_configuration_paths"><code>--model-generator-configuration-paths MODEL_GENERATOR_CONFIGURATION_PATHS</code><a class="hash-link" href="#--model-generator-configuration-paths-model_generator_configuration_paths" title="Direct link to heading">​</a></h4><p>A <code>;</code> separated set of files containing the names of model generators to run. See <a href="https://github.com/facebook/mariana-trench/blob/main/configuration/default_generator_config.json" target="_blank" rel="noopener noreferrer"><code>default_generator_config.json</code></a> for an example.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="--model-generator-search-paths-model_generator_search_paths"><code>--model-generator-search-paths MODEL_GENERATOR_SEARCH_PATHS</code><a class="hash-link" href="#--model-generator-search-paths-model_generator_search_paths" title="Direct link to heading">​</a></h4><p>A <code>;</code> separated search path where Mariana Trench will try to find the model generators specified in the generator configuration.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="--maximum-source-sink-distance-maximum_source_sink_distance"><code>--maximum-source-sink-distance MAXIMUM_SOURCE_SINK_DISTANCE</code><a class="hash-link" href="#--maximum-source-sink-distance-maximum_source_sink_distance" title="Direct link to heading">​</a></h4><p>For performance reasons it can be useful to limit the maximum length of a trace Mariana Trench tries to find (note that longer traces also tend to be harder to interpret). Due to the modular nature of the analysis the value specified here limits the maximum length from the trace root to the source, and from the trace root to the sink. This means found traces can have length of <code>2 x MAXIMUM_SOURCE_SINK_DISTANCE</code>.</p></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/facebook/mariana-trench/tree/main/documentation/website/documentation/configuration.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/getting-started/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Getting Started</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/customize-sources-and-sinks/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Customize Sources and Sinks</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#command-line-options" class="table-of-contents__link toc-highlight">Command Line Options</a></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/docs/contribution/index.html b/docs/contribution/index.html
index dc9aba29..c9a30c1d 100644
--- a/docs/contribution/index.html
+++ b/docs/contribution/index.html
@@ -5,7 +5,7 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Contribution | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/docs/contribution/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Contribution | Mariana Trench"><meta data-rh="true" name="description" content="This documentation aims to help you become an active contributor to Mariana Trench."><meta data-rh="true" property="og:description" content="This documentation aims to help you become an active contributor to Mariana Trench."><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/docs/contribution/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/contribution/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/contribution/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -15,7 +15,7 @@
 We recommend to run this step inside a <a href="https://packaging.python.org/tutorials/installing-packages/#creating-virtual-environments" target="_blank" rel="noopener noreferrer">virtual environment</a>.</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">$ </span><span class="token builtin class-name" style="color:rgb(255, 203, 107)">cd</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">..</span><span class="token plain"> </span><span class="token comment" style="color:rgb(105, 112, 152);font-style:italic"># Go back to the root directory</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">$ python scripts/setup.py </span><span class="token punctuation" style="color:rgb(199, 146, 234)">\</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  --binary </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;</span><span class="token string variable" style="color:rgb(191, 199, 213)">$MT_INSTALL_DIRECTORY</span><span class="token string" style="color:rgb(195, 232, 141)">/bin/mariana-trench-binary&quot;</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">\</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  --pyredex </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;</span><span class="token string variable" style="color:rgb(191, 199, 213)">$MT_INSTALL_DIRECTORY</span><span class="token string" style="color:rgb(195, 232, 141)">/bin/pyredex&quot;</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">\</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token function" style="color:rgb(130, 170, 255)">install</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h2 class="anchor anchorWithStickyNavbar_LWe7" id="development">Development<a class="hash-link" href="#development" title="Direct link to heading">​</a></h2><p>If you are making changes to Mariana Trench, you can use the <code>mariana-trench</code> wrapper inside the build directory:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">$ </span><span class="token builtin class-name" style="color:rgb(255, 203, 107)">cd</span><span class="token plain"> build</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">$ ./mariana-trench --help</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>This way, you don&#x27;t have to call <code>scripts/setup.py</code> between every changes.
 Python changes will be automatically picked up.
 C++ changes will be picked up after running <code>make</code>.</p><p>Note that you will need to install all python dependencies:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">$ pip </span><span class="token function" style="color:rgb(130, 170, 255)">install</span><span class="token plain"> pyre_extensions fb-sapp</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h2 class="anchor anchorWithStickyNavbar_LWe7" id="run-the-tests">Run the tests<a class="hash-link" href="#run-the-tests" title="Direct link to heading">​</a></h2><p>To run the tests after building Mariana Trench, use:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">$ </span><span class="token builtin class-name" style="color:rgb(255, 203, 107)">cd</span><span class="token plain"> build</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">$ </span><span class="token function" style="color:rgb(130, 170, 255)">make</span><span class="token plain"> check</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/facebook/mariana-trench/tree/main/documentation/website/documentation/contribution.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/known-false-negatives/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Known False Negatives</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/debugging-fp-fns/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Debugging False Positives/False Negatives</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#building-from-source" class="table-of-contents__link toc-highlight">Building From Source</a><ul><li><a href="#support" class="table-of-contents__link toc-highlight">Support</a></li><li><a href="#dependencies" class="table-of-contents__link toc-highlight">Dependencies</a></li><li><a href="#install-all-dependencies-with-homebrew" class="table-of-contents__link toc-highlight">Install all dependencies with Homebrew</a></li><li><a href="#building-fmt" class="table-of-contents__link toc-highlight">Building fmt</a></li><li><a href="#building-redex" class="table-of-contents__link toc-highlight">Building Redex</a></li><li><a href="#building-mariana-trench" class="table-of-contents__link toc-highlight">Building Mariana Trench</a></li></ul></li><li><a href="#development" class="table-of-contents__link toc-highlight">Development</a></li><li><a href="#run-the-tests" class="table-of-contents__link toc-highlight">Run the tests</a></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/docs/customize-sources-and-sinks/index.html b/docs/customize-sources-and-sinks/index.html
index 33b3baca..480ead6f 100644
--- a/docs/customize-sources-and-sinks/index.html
+++ b/docs/customize-sources-and-sinks/index.html
@@ -5,14 +5,14 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Customize Sources and Sinks | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/docs/customize-sources-and-sinks/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Customize Sources and Sinks | Mariana Trench"><meta data-rh="true" name="description" content="This page provides a high-level overview of the steps needed to update or create new sources and sinks."><meta data-rh="true" property="og:description" content="This page provides a high-level overview of the steps needed to update or create new sources and sinks."><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/docs/customize-sources-and-sinks/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/customize-sources-and-sinks/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/customize-sources-and-sinks/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebar_njMd"><nav class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/docs/overview/">User Guide</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/overview/">Overview</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/getting-started/">Getting Started</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/">Configuration</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/customize-sources-and-sinks/">Customize Sources and Sinks</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/rules/">Rules</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/models/">Models &amp; Model Generators</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/shims/">Shims</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/feature-descriptions/">Feature Glossary</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/known-false-negatives/">Known False Negatives</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/contribution/">Developer Guide</a></div></li></ul></nav></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_OVgt"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">User Guide</span><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Customize Sources and Sinks</span><meta itemprop="position" content="2"></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Customize Sources and Sinks</h1></header><p>This page provides a high-level overview of the steps needed to update or create new sources and sinks.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="overview">Overview<a class="hash-link" href="#overview" title="Direct link to heading">​</a></h2><p>Under the context of Mariana Trench, we talk about sources and sinks in terms of methods (or, rarely, fields). For example, we may say that the return value of a method is a source (or a sink). We may also say that the 2nd parameter of a method is a source (or a sink). Such description of a method is called a <strong>&quot;model&quot;</strong>. See <a href="/docs/models/">Models &amp; Model Generators</a> for more details about models and writing them.</p><p>To define sources or sinks that are not contained in the default set of <a href="https://github.com/facebook/mariana-trench/tree/main/configuration/model-generators/sources" target="_blank" rel="noopener noreferrer">sources</a> and <a href="https://github.com/facebook/mariana-trench/tree/main/configuration/model-generators/sinks" target="_blank" rel="noopener noreferrer">sinks</a>, a user needs to:</p><ol><li><p>Write one or more JSON files that respect our <a href="/docs/models/">model generator Domain Specific Language (DSL)</a>, which express how to generate models from methods and are hence called <strong>&quot;model generators&quot;</strong>.</p><ul><li>For example, a model generator may say that, for all methods (that will be analyzed by Mariana Trench) whose name is <code>onActivityResult</code>, specify their 2nd parameter as a source.</li></ul><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model_generators&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;onActivityResult&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;sources&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;TestSensitiveUserInput&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(2)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div></li><li><p>Instruct Mariana Trench to read from your model generator, so that Mariana Trench will generate models at runtime.</p><ul><li>Intuitively, the models generated (by interpreting model generators) express sources and sinks for each method <strong>before</strong> running Mariana Trench. Based on such models, Mariana Trench will automatically infer <strong>new</strong> models for each method at runtime.</li><li>To instruct Mariana Trench to read from customized JSON model generators, add your json model generator <a href="https://github.com/facebook/mariana-trench/tree/main/configuration/model-generators" target="_blank" rel="noopener noreferrer">here</a>.</li><li>Add the model generator name (i.e, the file name) in the <a href="https://github.com/facebook/mariana-trench/blob/main/configuration/default_generator_config.json" target="_blank" rel="noopener noreferrer">JSON configuration file</a>.</li></ul></li><li><p>Update <strong>&quot;rules&quot;</strong> if necessary.</p><ul><li>Background: Mariana Trench categorizes sources and sinks into different <strong>&quot;kinds&quot;</strong>, which are string-typed. For example, a source may have a kind of<code>JavascriptInterfaceUserInput</code>. A sink may have a kind of <code>Logging</code>. Mariana Trench only finds data flow <strong>from sources of a particular kind to sinks of another paritcular kind</strong>, which are called <strong>&quot;rules&quot;</strong>. See <a href="/docs/rules/">Rules</a> for writing them.</li><li>To specify kinds that are not mentioned in the default set of rules or to specify rules that are different than the default rules, you need to specify a new rule in file <a href="https://github.com/facebook/mariana-trench/blob/main/configuration/rules.json" target="_blank" rel="noopener noreferrer"><code>rules.json</code></a>, in order to instruct Mariana Trench to find data flow that matches the new rule.</li><li>For example, to catch flows from <code>TestSensitiveUserInput</code> in the example above and the sink kind <code>Logging</code>, you can add the following rule to the default <a href="https://github.com/facebook/mariana-trench/blob/main/configuration/rules.json" target="_blank" rel="noopener noreferrer"><code>rules.json</code></a>:</li></ul><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;TestRule&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">&quot;code&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token number" style="color:rgb(247, 140, 108)">18</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">&quot;description&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;A test rule&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">&quot;sources&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">   </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;TestSensitiveUserInput&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token property">&quot;sinks&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">   </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Logging&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div></li></ol></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/facebook/mariana-trench/tree/main/documentation/website/documentation/customize_sources_and_sinks.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/configuration/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Configuration</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/rules/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Rules</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#overview" class="table-of-contents__link toc-highlight">Overview</a></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/docs/debugging-fp-fns/index.html b/docs/debugging-fp-fns/index.html
index e9af44af..23c736d1 100644
--- a/docs/debugging-fp-fns/index.html
+++ b/docs/debugging-fp-fns/index.html
@@ -5,7 +5,7 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Debugging False Positives/False Negatives | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/docs/debugging-fp-fns/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Debugging False Positives/False Negatives | Mariana Trench"><meta data-rh="true" name="description" content="This document is mainly intended for software engineers, to help them debug false positives and false negatives."><meta data-rh="true" property="og:description" content="This document is mainly intended for software engineers, to help them debug false positives and false negatives."><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/docs/debugging-fp-fns/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/debugging-fp-fns/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/debugging-fp-fns/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -13,7 +13,7 @@
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebar_njMd"><nav class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/overview/">User Guide</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/docs/contribution/">Developer Guide</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/contribution/">Contribution</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/debugging-fp-fns/">Debugging False Positives/False Negatives</a></li></ul></li></ul></nav></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_OVgt"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">Developer Guide</span><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Debugging False Positives/False Negatives</span><meta itemprop="position" content="2"></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Debugging False Positives/False Negatives</h1></header><p>This document is mainly intended for software engineers, to help them debug false positives and false negatives.</p>## Setup<p>First, you need to run the analysis on your computer. This will create <code>model@XXX.json</code> files in the current directory, containing the results of the analysis.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="investigate-the-output-models">Investigate the output models<a class="hash-link" href="#investigate-the-output-models" title="Direct link to heading">​</a></h2><p>Now, your objective is to understand in which method we lost the flow (false negative) or introduced the invalid flow (false positive). You will need to look into the output models for that. I recommend to use the <code>explore_models.py</code> bento script.</p><p>Run the following command in the directory containing the output model files (i.e, <code>model@XXX.json</code>):</p>``` python3 -i mariana_trench_repository/scripts/explore_models.py ```<p>This provides you with a few helper functions:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">  index(&#x27;.&#x27;)                    Index all available models in the given directory.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  method_containing(&#x27;Foo;.bar&#x27;) Find all methods containing the given string.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  method_matching(&#x27;Foo.*&#x27;)      Find all methods matching the given regular expression.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  get_model(&#x27;Foo;.bar&#x27;)         Get the model for the given method.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  print_model(&#x27;Foo;.bar&#x27;)       Pretty print the model for the given method.</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Use <code>index</code> to index all models first:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">In [1]: index()</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Now you can search for methods with <code>method_containing</code> and print their models with <code>print_model</code>.
 You probably want to look at the first or last frame of the trace, to see if the source or sink is present. Then, you will want to follow the frames until you find the problematic method.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="example">Example<a class="hash-link" href="#example" title="Direct link to heading">​</a></h3><p>Let&#x27;s suppose I am investigating a false negative, I want to find in which method we are losing the flow. I could start looking at the last frame, i.e the sink:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">In [2]: method_containing(&#x27;Landroid/content/Context;.sendOrderedBroadcast&#x27;)</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">Out[2]:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">[&#x27;Landroid/content/Context;.sendOrderedBroadcast:(Landroid/content/Intent;Ljava/lang/String;)V&#x27;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> &#x27;Landroid/content/Context;.sendOrderedBroadcast:(Landroid/content/Intent;Ljava/lang/String;Landroid/content/BroadcastReceiver;Landroid/os/Handler;ILjava/lang/String;Landroid/os/Bundle;)V&#x27;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> &#x27;Landroid/content/Context;.sendOrderedBroadcastAsUser:(Landroid/content/Intent;Landroid/os/UserHandle;Ljava/lang/String;Landroid/content/BroadcastReceiver;Landroid/os/Handler;ILjava/lang/String;Landroid/os/Bundle;)V&#x27;]</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">In [3]: print_model(&#x27;Landroid/content/Context;.sendOrderedBroadcast:(Landroid/content/Intent;Ljava/lang/String;Landroid/content/BroadcastReceiver;Landroid/os/Handler;ILjava/lang/String;Landroid/os/Bundle;)V&#x27;)</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">{</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  &quot;method&quot;: &quot;Landroid/content/Context;.sendOrderedBroadcast:(Landroid/content/Intent;Ljava/lang/String;Landroid/content/BroadcastReceiver;Landroid/os/Handler;ILjava/lang/String;Landroid/os/Bundle;)V&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  &quot;modes&quot;: [</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;skip-analysis&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;add-via-obscure-feature&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;taint-in-taint-out&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;taint-in-taint-this&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;no-join-virtual-overrides&quot;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  ],</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  &quot;position&quot;: {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;path&quot;: &quot;android/content/Context.java&quot;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  },</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  ...</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  &quot;sinks&quot;: [</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      &quot;callee_port&quot;: &quot;Leaf&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      &quot;caller_port&quot;: &quot;Argument(1)&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      &quot;kind&quot;: &quot;LaunchingComponent&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      &quot;origins&quot;: [</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        &quot;Landroid/content/Context;.sendOrderedBroadcast:(Landroid/content/Intent;Ljava/lang/String;Landroid/content/BroadcastReceiver;Landroid/os/Handler;ILjava/lang/String;Landroid/os/Bundle;)V&quot;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      ]</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  ]</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>As expected, the method has a sink on Argument(1), so we are good for now. Next, I want to check the previous frame, which calls <code>Context.sendOrderedBroadcast</code>:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">In [2]: method_containing(&#x27;ShortcutManagerCompat;.requestPinShortcut:&#x27;)</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">Out[2]: [&#x27;Landroidx/core/content/pm/ShortcutManagerCompat;.requestPinShortcut:(Landroid/content/Context;Landroidx/core/content/pm/ShortcutInfoCompat;Landroid/content/IntentSender;)Z&#x27;]</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">In [3]: print_model(&#x27;Landroidx/core/content/pm/ShortcutManagerCompat;.requestPinShortcut:(Landroid/content/Context;Landroidx/core/content/pm/ShortcutInfoCompat;Landroid/content/IntentSender;)Z&#x27;)</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">{</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  &quot;method&quot;: &quot;Landroidx/core/content/pm/ShortcutManagerCompat;.requestPinShortcut:(Landroid/content/Context;Landroidx/core/content/pm/ShortcutInfoCompat;Landroid/content/IntentSender;)Z&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  &quot;position&quot;: {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;line&quot;: 112,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;path&quot;: &quot;androidx/core/content/pm/ShortcutManagerCompat.java&quot;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  },</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  ...</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  &quot;sinks&quot;: [</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">     ...</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      &quot;always_features&quot;: [</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        &quot;via-obscure&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        &quot;via-obscure-taint-in-taint-this&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        &quot;via-intent-extra&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        &quot;has-intent-extras&quot;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      ],</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      &quot;call_position&quot;: {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        &quot;line&quot;: 130,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        &quot;path&quot;: &quot;androidx/core/content/pm/ShortcutManagerCompat.java&quot;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      },</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      &quot;callee&quot;: &quot;Landroid/content/Context;.sendOrderedBroadcast:(Landroid/content/Intent;Ljava/lang/String;Landroid/content/BroadcastReceiver;Landroid/os/Handler;ILjava/lang/String;Landroid/os/Bundle;)V&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      &quot;callee_port&quot;: &quot;Argument(1)&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      &quot;caller_port&quot;: &quot;Argument(1).mIntents&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      &quot;distance&quot;: 1,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      &quot;kind&quot;: &quot;LaunchingComponent&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      &quot;local_positions&quot;: [</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          &quot;line&quot;: 121</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      ],</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      &quot;origins&quot;: [</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        &quot;Landroid/content/Context;.sendOrderedBroadcast:(Landroid/content/Intent;Ljava/lang/String;Landroid/content/BroadcastReceiver;Landroid/os/Handler;ILjava/lang/String;Landroid/os/Bundle;)V&quot;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      ]</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  ]</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>I can see the frame from <code>ShortcutManagerCompat.requestPinShortcut</code> on <code>Argument(1).mIntents</code> to <code>Context.sendOrderedBroadcast</code> on <code>Argument(1)</code>. I can keep following frames until I find the method that misses a source or sink.</p><p>For frames from the source to the root callable, I should look at <code>generations</code>, and for frames from the root callable to the sink, I should look at <code>sinks</code>. On the root callable, I should look at <code>issues</code>.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="investigating-the-transfer-function">Investigating the transfer function<a class="hash-link" href="#investigating-the-transfer-function" title="Direct link to heading">​</a></h2><p>Once you know in which method you are losing the flow or introducing an invalid flow, you will need to run the analysis with logging enabled for that method, using:</p>``` mariana-trench \ --apk-path=&#x27;your-apk&#x27; \ --log-method=&#x27;method-name&#x27; ```<p>This will log everything the transfer function does in that method, which might be a lot of logs. You can pipe this into a file or into <code>less</code>. Using logs, you should be able to see in which instruction you are losing the taint. Remember, the analysis computes a fixpoint, so the method will be analyzed multiple times. You should look at the last time it was analyzed (i.e, end of the logs).</p><p>Happy debugging!</p></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/facebook/mariana-trench/tree/main/documentation/website/documentation/debugging_fp_fns.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/contribution/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Contribution</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#investigate-the-output-models" class="table-of-contents__link toc-highlight">Investigate the output models</a><ul><li><a href="#example" class="table-of-contents__link toc-highlight">Example</a></li></ul></li><li><a href="#investigating-the-transfer-function" class="table-of-contents__link toc-highlight">Investigating the transfer function</a></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/docs/feature-descriptions/index.html b/docs/feature-descriptions/index.html
index ea4ba874..df0fe3bc 100644
--- a/docs/feature-descriptions/index.html
+++ b/docs/feature-descriptions/index.html
@@ -5,14 +5,14 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Feature Glossary | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/docs/feature-descriptions/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Feature Glossary | Mariana Trench"><meta data-rh="true" name="description" content="As explained in the features section of the models wiki, a feature can be used to tag a flow and help filtering issues. A feature describes a property of a flow. A feature can be any arbitrary string. A feature that&#x27;s prefixed with always- signals that every path in the issue has that feature associated with it, while lacking that prefix means that at least one path, but not all paths, contains that feature."><meta data-rh="true" property="og:description" content="As explained in the features section of the models wiki, a feature can be used to tag a flow and help filtering issues. A feature describes a property of a flow. A feature can be any arbitrary string. A feature that&#x27;s prefixed with always- signals that every path in the issue has that feature associated with it, while lacking that prefix means that at least one path, but not all paths, contains that feature."><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/docs/feature-descriptions/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/feature-descriptions/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/feature-descriptions/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebar_njMd"><nav class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/docs/overview/">User Guide</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/overview/">Overview</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/getting-started/">Getting Started</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/">Configuration</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/customize-sources-and-sinks/">Customize Sources and Sinks</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/rules/">Rules</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/models/">Models &amp; Model Generators</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/shims/">Shims</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/feature-descriptions/">Feature Glossary</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/known-false-negatives/">Known False Negatives</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/contribution/">Developer Guide</a></div></li></ul></nav></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_OVgt"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">User Guide</span><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Feature Glossary</span><meta itemprop="position" content="2"></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Feature Glossary</h1></header><p>As explained in the <a href="/docs/models/#features">features section of the models wiki</a>, a feature can be used to tag a flow and help filtering issues. A feature describes a property of a flow. A feature can be any arbitrary string. A feature that&#x27;s prefixed with <code>always-</code> signals that every path in the issue has that feature associated with it, while lacking that prefix means that at least one path, but not all paths, contains that feature.</p><p>This page will cover the purpose of the pre-configured features to help you understand how you can use them best.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="pre-configured-features">Pre-configured features<a class="hash-link" href="#pre-configured-features" title="Direct link to heading">​</a></h2><ul><li>via-caller-exported<ul><li>This feature is applied when the root callable is directly or indirectly called from an exported component defined in the Android manifest. For example, if the root callable is in the <code>MainActivity</code> and the <code>MainActivity</code> is exported, this feature will be attached. It is needed in order to determine if an <code>Intent</code> source is third-party controllable or not. This feature is sometimes accompanied by <code>via-class</code> which tells you which class Mariana Trench used to determine that the root callable is called from an exported class.</li></ul></li><li>via-caller-unexported<ul><li>Same as <code>via-caller-exported</code> but applied if the root callable is considered to be called only via unexported components</li></ul></li><li>via-caller-permission<ul><li>Similair to <code>via-caller-exported</code> but applied if the root callable paths to a manifest entry that has a protectionLevel or Android permission declared.</li></ul></li><li>via-explicit-intent<ul><li>Applied when the taint flow goes via a class or package name setter on an Intent. This can be used to infer whether a launched Intent can resolve to third party apps or only to a specifically defined app (implicit versus explicit intents).</li></ul></li><li>via-inner-class-this<ul><li>Anonymous classes in Java byte code transfer the taint from the parent class to the anonymous class via <code>this.this$0</code> which can lead to <a href="/docs/models/#taint-broadening">broaden false positives</a>. This feature can be used to filter out such flows when they are a common false positive pattern.</li></ul></li><li>cast:<!-- -->[...]<ul><li>Cast features such as <code>cast:boolean</code> are applied when the tainted data is converted to that specific type. This allows for example to filter out data flows such as <code>taintedString.length()</code> where the returned tainted integer may no longer be of interest.</li></ul></li><li>via-obscure<ul><li>Obscure methods are methods for which Mariana Trench doesn&#x27;t have any byte code available. Therefore we generally apply taint-in-taint-out behaviour on these methods and add the feature <code>via-obscure</code> to tell the user that the data flow went along an obscure method.</li></ul></li><li>via-<!-- -->[...]<!-- -->-broadening<ul><li>Is applied when any of the four broaden operations is applied (see <a href="/docs/models/#taint-broadening">Models</a>).</li></ul></li></ul></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/facebook/mariana-trench/tree/main/documentation/website/documentation/feature_descriptions.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/shims/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Shims</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/known-false-negatives/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Known False Negatives</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#pre-configured-features" class="table-of-contents__link toc-highlight">Pre-configured features</a></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/docs/getting-started/index.html b/docs/getting-started/index.html
index c0dfe951..5e7386a3 100644
--- a/docs/getting-started/index.html
+++ b/docs/getting-started/index.html
@@ -5,14 +5,14 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Getting Started | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/docs/getting-started/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Getting Started | Mariana Trench"><meta data-rh="true" name="description" content="This guide will walk you through setting up Mariana Trench on your machine and get you to find your first remote code execution vulnerability in a small sample app."><meta data-rh="true" property="og:description" content="This guide will walk you through setting up Mariana Trench on your machine and get you to find your first remote code execution vulnerability in a small sample app."><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/docs/getting-started/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/getting-started/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/getting-started/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebar_njMd"><nav class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/docs/overview/">User Guide</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/overview/">Overview</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/getting-started/">Getting Started</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/">Configuration</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/customize-sources-and-sinks/">Customize Sources and Sinks</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/rules/">Rules</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/models/">Models &amp; Model Generators</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/shims/">Shims</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/feature-descriptions/">Feature Glossary</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/known-false-negatives/">Known False Negatives</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/contribution/">Developer Guide</a></div></li></ul></nav></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_OVgt"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">User Guide</span><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Getting Started</span><meta itemprop="position" content="2"></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Getting Started</h1></header><p>This guide will walk you through setting up Mariana Trench on your machine and get you to find your first remote code execution vulnerability in a small sample app.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="prerequisites">Prerequisites<a class="hash-link" href="#prerequisites" title="Direct link to heading">​</a></h2><p>Mariana Trench requires a recent version of <a href="https://www.python.org/downloads/" target="_blank" rel="noopener noreferrer">Python</a>. On MacOS you can get a current version through <a href="https://brew.sh/" target="_blank" rel="noopener noreferrer">homebrew</a>:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">$ brew </span><span class="token function" style="color:rgb(130, 170, 255)">install</span><span class="token plain"> python3</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>On a Debian flavored Linux (Ubuntu, Mint, Debian), you can use <code>apt-get</code>:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">$ </span><span class="token function" style="color:rgb(130, 170, 255)">sudo</span><span class="token plain"> </span><span class="token function" style="color:rgb(130, 170, 255)">apt-get</span><span class="token plain"> </span><span class="token function" style="color:rgb(130, 170, 255)">install</span><span class="token plain"> python3 python3-pip python3-venv</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>This guide also assumes you have the <a href="https://developer.android.com/studio" target="_blank" rel="noopener noreferrer">Android SDK</a> installed and an environment variable <code>$ANDROID_SDK</code> pointed to the location of the SDK.</p><p>For the rest of this guide, we assume that you are working inside of a <a href="https://docs.python.org/3/tutorial/venv.html" target="_blank" rel="noopener noreferrer">virtual environment</a>. You can set this up with</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">$ python3 -m venv ~/.venvs/mariana-trench</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">$ </span><span class="token builtin class-name" style="color:rgb(255, 203, 107)">source</span><span class="token plain"> ~/.venvs/mariana-trench/bin/activate</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">(</span><span class="token plain">mariana-trench</span><span class="token punctuation" style="color:rgb(199, 146, 234)">)</span><span class="token plain">$</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>The name of the virtual environment in front of your shell prompt indicates that the virtual environment is active.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="installing-mariana-trench">Installing Mariana Trench<a class="hash-link" href="#installing-mariana-trench" title="Direct link to heading">​</a></h2><p>Inside your virtual environment installing Mariana Trench is as easy as running</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">(</span><span class="token plain">mariana-trench</span><span class="token punctuation" style="color:rgb(199, 146, 234)">)</span><span class="token plain">$ pip </span><span class="token function" style="color:rgb(130, 170, 255)">install</span><span class="token plain"> mariana-trench</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h2 class="anchor anchorWithStickyNavbar_LWe7" id="running-mariana-trench">Running Mariana Trench<a class="hash-link" href="#running-mariana-trench" title="Direct link to heading">​</a></h2><p>We&#x27;ll use a small app that is part of our documentation. You can get it by running</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">(</span><span class="token plain">mariana-trench</span><span class="token punctuation" style="color:rgb(199, 146, 234)">)</span><span class="token plain">$ </span><span class="token function" style="color:rgb(130, 170, 255)">git</span><span class="token plain"> clone https://github.com/facebook/mariana-trench</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">(</span><span class="token plain">mariana-trench</span><span class="token punctuation" style="color:rgb(199, 146, 234)">)</span><span class="token plain">$ </span><span class="token builtin class-name" style="color:rgb(255, 203, 107)">cd</span><span class="token plain"> mariana-trench/documentation/sample-app</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>We are now ready to run the analysis</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">(</span><span class="token plain">mariana-trench</span><span class="token punctuation" style="color:rgb(199, 146, 234)">)</span><span class="token plain">$ mariana-trench </span><span class="token punctuation" style="color:rgb(199, 146, 234)">\</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  --system-jar-configuration-path</span><span class="token operator" style="color:rgb(137, 221, 255)">=</span><span class="token variable" style="color:rgb(191, 199, 213)">$ANDROID_SDK</span><span class="token plain">/platforms/android-30/android.jar</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  --apk-path</span><span class="token operator" style="color:rgb(137, 221, 255)">=</span><span class="token plain">sample-app-debug.apk </span><span class="token punctuation" style="color:rgb(199, 146, 234)">\</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  --source-root-directory</span><span class="token operator" style="color:rgb(137, 221, 255)">=</span><span class="token plain">app/src/main/java</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token comment" style="color:rgb(105, 112, 152);font-style:italic"># ...</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">INFO Analyzed </span><span class="token number" style="color:rgb(247, 140, 108)">68886</span><span class="token plain"> models </span><span class="token keyword" style="font-style:italic">in</span><span class="token plain"> </span><span class="token number" style="color:rgb(247, 140, 108)">4</span><span class="token plain">.04s. Found </span><span class="token number" style="color:rgb(247, 140, 108)">4</span><span class="token plain"> issues</span><span class="token operator" style="color:rgb(137, 221, 255)">!</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token comment" style="color:rgb(105, 112, 152);font-style:italic"># ...</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>The analysis has found 4 issues in our sample app. The output of the analyis is a set of specifications for each method of the application.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="post-processing">Post Processing<a class="hash-link" href="#post-processing" title="Direct link to heading">​</a></h2><p>The specifications themselves are not meant to be read by humans. We need an additional processing step in order to make the results more presentable. We do this with <a href="https://github.com/facebook/sapp" target="_blank" rel="noopener noreferrer">SAPP</a> PyPi installed for us:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">(</span><span class="token plain">mariana-trench</span><span class="token punctuation" style="color:rgb(199, 146, 234)">)</span><span class="token plain">$ sapp --tool</span><span class="token operator" style="color:rgb(137, 221, 255)">=</span><span class="token plain">mariana-trench analyze </span><span class="token builtin class-name" style="color:rgb(255, 203, 107)">.</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">(</span><span class="token plain">mariana-trench</span><span class="token punctuation" style="color:rgb(199, 146, 234)">)</span><span class="token plain">$ sapp --database-name</span><span class="token operator" style="color:rgb(137, 221, 255)">=</span><span class="token plain">sapp.db server --source-directory</span><span class="token operator" style="color:rgb(137, 221, 255)">=</span><span class="token plain">app/src/main/java</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token comment" style="color:rgb(105, 112, 152);font-style:italic"># ...</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token number" style="color:rgb(247, 140, 108)">2021</span><span class="token plain">-05-12 </span><span class="token number" style="color:rgb(247, 140, 108)">12</span><span class="token plain">:27:22,867 </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain">INFO</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain">  * Running on http://localhost:13337/ </span><span class="token punctuation" style="color:rgb(199, 146, 234)">(</span><span class="token plain">Press CTRL+C to quit</span><span class="token punctuation" style="color:rgb(199, 146, 234)">)</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>The last line of the output tells us that SAPP started a local webserver that lets us look at the results. Open the link and you will see the 4 issues found by the analyis.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="exploring-results">Exploring Results<a class="hash-link" href="#exploring-results" title="Direct link to heading">​</a></h2><p>Let&#x27;s focus on the remote code execution issue found in the sample app. You can identify it by its issue code <code>1</code> (for all remote code executions) and the callable <code>void MainActivit.onCreate(Bundle)</code>. With only 4 issues to see it&#x27;s easy to identify the issue manually but once more rules run, the filter functionality at the top right of the page comes in handy.</p><img loading="lazy" alt="Single Issue Display" src="/img/issue.png" class="img_ev3q"><p>The issue tells you that Mariana Trench found a remote code execution in <code>MainActivit.onCreate</code> where the data is coming from <code>Activity.getIntent</code> one call away, and flows into the constructor of <code>ProcessBuilder</code> 3 calls away. Click on &quot;Traces&quot; in the top right corner of the issue to see an example trace.</p><p>The trace surfaced by Mariana Trench consists of three parts.</p><p>The <em>source trace</em> represents where the data is coming from. In our example, the trace is very short: <code>Activity.getIntent</code> is called in <code>MainActivity.onCreate</code> directly.</p><img loading="lazy" alt="Trace Source" src="/img/trace_source.png" class="img_ev3q"><p>The <em>trace root</em> represents where the source trace meets the sink trace. In our example this is the activitie&#x27;s <code>onCreate</code> method.</p><img loading="lazy" alt="Trace Root" src="/img/trace_root.png" class="img_ev3q"><p>The final part of the trace is the <em>sink trace</em>: This is where the data from the source flows down into a sink. In our example from <code>onCreate</code>, to <code>onClick</code>, to <code>execute</code>, and finally into the constructor of <code>ProcessBuilder</code>.</p><img loading="lazy" alt="Trace Source" src="/img/trace_sink.png" class="img_ev3q"><h2 class="anchor anchorWithStickyNavbar_LWe7" id="configuring-mariana-trench">Configuring Mariana Trench<a class="hash-link" href="#configuring-mariana-trench" title="Direct link to heading">​</a></h2><p>You might be asking yourself, &quot;how does the tool know what is user controlled data, and what is a sink?&quot;. This guide is meant to quickly get you started on a small app. We did not cover how to configure Mariana Trench. You can read more about that in the <a href="/docs/configuration/">Configuration section</a>.</p></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/facebook/mariana-trench/tree/main/documentation/website/documentation/getting_started.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/overview/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Overview</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/configuration/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Configuration</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#prerequisites" class="table-of-contents__link toc-highlight">Prerequisites</a></li><li><a href="#installing-mariana-trench" class="table-of-contents__link toc-highlight">Installing Mariana Trench</a></li><li><a href="#running-mariana-trench" class="table-of-contents__link toc-highlight">Running Mariana Trench</a></li><li><a href="#post-processing" class="table-of-contents__link toc-highlight">Post Processing</a></li><li><a href="#exploring-results" class="table-of-contents__link toc-highlight">Exploring Results</a></li><li><a href="#configuring-mariana-trench" class="table-of-contents__link toc-highlight">Configuring Mariana Trench</a></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/docs/known-false-negatives/index.html b/docs/known-false-negatives/index.html
index 69896785..95590666 100644
--- a/docs/known-false-negatives/index.html
+++ b/docs/known-false-negatives/index.html
@@ -5,14 +5,14 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Known False Negatives | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/docs/known-false-negatives/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Known False Negatives | Mariana Trench"><meta data-rh="true" name="description" content="Like any static analysis tools, Mariana Trench has false negatives. This documents the more well-known places where taint is dropped. Note that this is not an exhaustive list. See this wiki for instructions on how to debug them."><meta data-rh="true" property="og:description" content="Like any static analysis tools, Mariana Trench has false negatives. This documents the more well-known places where taint is dropped. Note that this is not an exhaustive list. See this wiki for instructions on how to debug them."><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/docs/known-false-negatives/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/known-false-negatives/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/known-false-negatives/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebar_njMd"><nav class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/docs/overview/">User Guide</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/overview/">Overview</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/getting-started/">Getting Started</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/">Configuration</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/customize-sources-and-sinks/">Customize Sources and Sinks</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/rules/">Rules</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/models/">Models &amp; Model Generators</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/shims/">Shims</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/feature-descriptions/">Feature Glossary</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/known-false-negatives/">Known False Negatives</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/contribution/">Developer Guide</a></div></li></ul></nav></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_OVgt"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">User Guide</span><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Known False Negatives</span><meta itemprop="position" content="2"></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Known False Negatives</h1></header><p>Like any static analysis tools, Mariana Trench has false negatives. This documents the more well-known places where taint is dropped. Note that this is not an exhaustive list. See <a href="/docs/debugging-fp-fns/">this wiki</a> for instructions on how to debug them.</p><p>Many of these options are <em>configurable</em>, not hard limits. There are analysis time, memory, and quality tradeoffs.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="trace-too-long">Trace too Long<a class="hash-link" href="#trace-too-long" title="Direct link to heading">​</a></h2><p>Mariana Trench stops propagating taint beyond a certain depth. This depth is currently configured at 7. In code:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">// This method has depth 1.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">public int get_source_1() { return source(); }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">// This method has depth 2.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">public int get_source_2() { return get_source_1(); }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">...</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">// This method has depth 7.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">public int get_source_7() { return get_source_6(); }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">// This method theoretically has depth 8, but MT drops the source here.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">public int get_source_8() { return get_source_7(); }</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p><strong>Workaround:</strong> If the chain of wrappers obviously leads to a source or sink, instead of defining the source at <code>source()</code>, one could write an additional model marking <code>get_source_7()</code> as a source.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="fields-of-fields-of-fields-of-fields">Fields of Fields of Fields of Fields...<a class="hash-link" href="#fields-of-fields-of-fields-of-fields" title="Direct link to heading">​</a></h2><p>Taint of an object is dropped when it occurs too deep within the object. This depth is configured at 4. In code:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public void taintedThis() {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  this.mField1 = source(); // This is OK</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  this.mField1.mField2.mField3.mField4.mField5 = source(); // This gets dropped</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p><strong>Workaround:</strong> This isn’t much of a workaround, but one can manually configure the source on “this.mField1.....mField4” instead. This will be a form of over-abstraction and could lead to false positives.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="fanouts">Fanouts<a class="hash-link" href="#fanouts" title="Direct link to heading">​</a></h2><p>If a virtual method has too many overrides, beyond a certain number (currently configured at 40), we stop considering all overrides and look only at the direct method being called. In code:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">interface IFace {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  public int possibleSource();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">class Class1 implements IFace {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  public int possibleSource() { return 1; }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">...</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">class Class41 implements IFace {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  public int possibleSource() { return source(); }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">int maybeIssue(IFace iface) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  // The source will get dropped here because there are too many overrides.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  // MT will not report an issue.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  sink(iface.possibleSource());</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p><strong>Workaround:</strong> Unfortunately, there are no known workarounds.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="propagation-across-arguments">Propagation across Arguments<a class="hash-link" href="#propagation-across-arguments" title="Direct link to heading">​</a></h2><p>Mariana Trench computes propagations for each method (this may be known as “tito” (taint-in-taint-out) in other tools). Propagations tell the analysis that if an argument is tainted by a source, whether its return value, or the method’s “this” object become tainted by the argument. However, without explictly specifying <code>--propagate-across-arguments</code>, Mariana Trench does not propagate taint from one argument to another. In code:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">void setIntentVaue(Intent intent, Uri uri) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  // MT sees that intent.putExtra has a propagation from uri (Argument(2)) to</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  // intent (Argument(0) or this).</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  intent.putExtra(&quot;label&quot;, uri);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  // However, when it finishes analyzing setIntentValue, it will not track the</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  // propagation from uri to intent.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">void falseNegative() {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  Uri uri = source();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  Intent intent = new Intent();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  // If this were the code, MT will detect a source-&gt;sink flow at launchActivitySink.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  // intent.putExtra(&quot;label&quot;, uri);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  // MT loses the flow from uri-&gt;intent at this point.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  setIntentValue(intent, uri);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  launchActivitySink(intent);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p><strong>Workaround 1:</strong> Write an explicit propagation model for the method. While Mariana Trench does not infer propagations across arguments, it does allow manual specification of such models.</p><p><strong>Workaround 2:</strong> Enable <code>--propagate-across-arguments</code>, which enables taint propagation across method invocations for object. Note that the behaviour is enabled globally, meaning that this may incur a significant runtime and memory overhead.</p></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/facebook/mariana-trench/tree/main/documentation/website/documentation/known_false_negatives.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/feature-descriptions/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Feature Glossary</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/contribution/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Contribution</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#trace-too-long" class="table-of-contents__link toc-highlight">Trace too Long</a></li><li><a href="#fields-of-fields-of-fields-of-fields" class="table-of-contents__link toc-highlight">Fields of Fields of Fields of Fields...</a></li><li><a href="#fanouts" class="table-of-contents__link toc-highlight">Fanouts</a></li><li><a href="#propagation-across-arguments" class="table-of-contents__link toc-highlight">Propagation across Arguments</a></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/docs/models/index.html b/docs/models/index.html
index e4fefdc3..ea404961 100644
--- a/docs/models/index.html
+++ b/docs/models/index.html
@@ -5,14 +5,14 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Models &amp; Model Generators | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/docs/models/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Models &amp; Model Generators | Mariana Trench"><meta data-rh="true" name="description" content="The main way to configure the analysis is through defining model generators. Each model generator defines (1) a filter, made up of constraints to specify the methods (or fields) for which a model should be generated, and (2) a model, an abstract representation of how data flows through a method."><meta data-rh="true" property="og:description" content="The main way to configure the analysis is through defining model generators. Each model generator defines (1) a filter, made up of constraints to specify the methods (or fields) for which a model should be generated, and (2) a model, an abstract representation of how data flows through a method."><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/docs/models/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/models/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/models/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
-<div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebar_njMd"><nav class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/docs/overview/">User Guide</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/overview/">Overview</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/getting-started/">Getting Started</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/">Configuration</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/customize-sources-and-sinks/">Customize Sources and Sinks</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/rules/">Rules</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/models/">Models &amp; Model Generators</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/shims/">Shims</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/feature-descriptions/">Feature Glossary</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/known-false-negatives/">Known False Negatives</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/contribution/">Developer Guide</a></div></li></ul></nav></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_OVgt"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">User Guide</span><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Models &amp; Model Generators</span><meta itemprop="position" content="2"></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Models &amp; Model Generators</h1></header><p>The main way to configure the analysis is through defining model generators. Each model generator defines (1) a <strong>filter</strong>, made up of constraints to specify the methods (or fields) for which a model should be generated, and (2) a <strong>model</strong>, an abstract representation of how data flows through a method.</p><p>Model generators are what define Sink and Source kinds which are the key component of <a href="/docs/rules/">Rules</a>. Model generators can do other things too, like attach <strong>features</strong> (a.k.a. breadcrumbs) to flows and <strong>sanitize</strong> (redact) flows which go through certain &quot;data-safe&quot; methods (e.g. a method which hashes a user&#x27;s password).</p><p>Filters are conceptually straightforward. Thus, this page focuses heavily on conceptualizing and providing examples for the various types of models. See the <a href="#model-generators">Model Generators</a> section for full implementation documentation for both filters and models.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="models">Models<a class="hash-link" href="#models" title="Direct link to heading">​</a></h2><p>A model is an abstract representation of how data flows through a method.</p><p>A model essentialy consists of:</p><ul><li><a href="#sources">Sources</a>: a set of sources that the method produces or receives on parameters;</li><li><a href="#sinks">Sinks</a>: a set of sinks on the method;</li><li><a href="#propagation">Propagation</a>: a description of how the method propagates taint coming into it (e.g, the first parameter updates the second, the second parameter updates the return value, etc.);</li><li><a href="#attach-to-sources">Attach to Sources</a>: a set of features/breadcrumbs to add on an any sources flowing out of the method;</li><li><a href="#attach-to-sinks">Attach to Sinks</a>: a set of features/breadcrumbs to add on sinks of a given parameter;</li><li><a href="#attach-to-propagations">Attach to Propagations</a>: a set of features/breadcrumbs to add on propagations for a given parameter or return value;</li><li><a href="#add-features-to-arguments">Add Features to Arguments</a>: a set of features/breadcrumbs to add on any taint that might flow in a given parameter;</li><li><a href="#sanitizers">Sanitizers</a>: specifications of taint flows to stop;</li><li><a href="#modes">Modes</a>: a set of flags describing specific behaviors (see below).</li></ul><p>Models can be specified in JSON. For example to mark the string parameter to our <code>Logger.log</code> function as a sink we can specify it as</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Logger;&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;log&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sinks&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Logging&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(1)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note that the naming of methods follow the <a href="#method-name-format">Dalvik&#x27;s bytecode format</a>.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="method-name-format">Method name format<a class="hash-link" href="#method-name-format" title="Direct link to heading">​</a></h3><p>The format used for method names is:</p><p><code>&lt;className&gt;.&lt;methodName&gt;:(&lt;parameterType1&gt;&lt;parameterType2&gt;)&lt;returnType&gt;</code></p><p>Example: <code>Landroidx/fragment/app/Fragment;.startActivity:(Landroid/content/Intent;)V</code></p><p>For the parameters and return types use the following table to pick the correct one (please refer to <a href="https://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html#jvms-4.3.2-200" target="_blank" rel="noopener noreferrer">JVM doc</a> for more details)</p><ul><li>V - void</li><li>Z - boolean</li><li>B - byte</li><li>S - short</li><li>C - char</li><li>I - int</li><li>J - long (64 bits)</li><li>F - float</li><li>D - double (64 bits)</li></ul><p>Classes take the form <code>Lpackage/name/ClassName;</code> - where the leading <code>L</code> indicates that it is a class type, <code>package/name/</code> is the package that the class is in. A nested class will take the form <code>Lpackage/name/ClassName$NestedClassName</code> (the <code>$</code> will need to be double escaped <code>\\$</code> in json regex).</p><blockquote><p><strong>NOTE:</strong> Instance (i.e, non-static) method parameters are indexed starting from 1! The 0th parameter is the <code>this</code> parameter in dalvik byte-code. For static method parameter, indices start from 0.</p></blockquote><h3 class="anchor anchorWithStickyNavbar_LWe7" id="access-path-format">Access path format<a class="hash-link" href="#access-path-format" title="Direct link to heading">​</a></h3><p>An access path describes the symbolic location of a taint. This is commonly used to indicate where a source or a sink originates from. The &quot;port&quot; field of any model is represented by an access path.</p><p>An access path is composed of a root and a path.</p><p>The root is either:</p><ul><li><code>Return</code>, representing the returned value;</li><li><code>Argument(x)</code> (where <code>x</code> is an integer), representing the parameter number <code>x</code>;</li></ul><p>The path is a (possibly empty) list of path elements. A path element can be any of the following kinds:</p><ul><li><code>field</code>: represents a field name. String encoding is a dot followed by the field name: <code>.field_name</code>;</li><li><code>index</code>: represents a user defined index for dictionary like objects. String encoding uses square braces to enclose any user defined index: <code>[index_name]</code>;</li><li><code>any index</code>: represents any or unresolved indices in dictionary like objects. String encoding is an asterisk enclosed in square braces: <code>[*]</code>;</li><li><code>index from value of</code>: captures the value of the specified callable&#x27;s port seen at its callsites during taint flow analysis as an <code>index</code> or <code>any index</code> (if the value cannot be resolved). String encoding uses <em>argument root</em> to specify the callable&#x27;s port and encloses it in <code>[&lt;</code>...<code>&gt;]</code> to represent that its value is resolved at the callsite to create an index: <code>[&lt;Argument(x)&gt;]</code>;</li></ul><p>Examples:</p><ul><li><code>Argument(1).name</code> corresponds to the <em>field</em> <code>name</code> of the second parameter;</li><li><code>Argument(1)[name]</code> corresponds to the <em>index</em> <code>name</code> of the dictionary like second parameter;</li><li><code>Argument(1)[*]</code> corresponds to <em>any index</em> of the dictionary like second parameter;</li><li><code>Argument(1)[&lt;Argument(2)&gt;]</code> corresponds to an <em>index</em> of the dictionary like second parameter whose value is resolved from the third parameter;</li><li><code>Return</code> corresponds to the returned value;</li><li><code>Return.x</code> correpsonds to the field <code>x</code> of the returned value;</li></ul><h3 class="anchor anchorWithStickyNavbar_LWe7" id="kinds">Kinds<a class="hash-link" href="#kinds" title="Direct link to heading">​</a></h3><p>A source has a <strong>kind</strong> that describes its content (e.g, user input, file system, etc). A sink also has a <strong>kind</strong> that describes the operation the method performs (e.g, execute a command, read a file, etc.). Kinds can be arbitrary strings (e.g, <code>UserInput</code>). We usually avoid whitespaces.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="sources">Sources<a class="hash-link" href="#sources" title="Direct link to heading">​</a></h3><p>Sources describe sources produced or received by a given method. A source can either flow out via the return value or flow via a given parameter. A source has a <strong>kind</strong> that describes its content (e.g, user input, file system, etc).</p><p>Here is an example where the source flows by return value:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public static String getPath() {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    return System.getenv().get(&quot;PATH&quot;);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>The JSON model generator for this method could be:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class;&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;getPath&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sources&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;UserControlled&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Here is an example where the source flows in via an argument:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">class MyActivity extends Activity {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  public void onNewIntent(Intent intent) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    // intent should be considered a source here.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>The JSON model generator for this method could be:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;extends&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Landroid/app/Activity&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;onNewIntent&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sources&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;UserControlled&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(1)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note that the implicit <code>this</code> parameter is considered the argument 0.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="sinks">Sinks<a class="hash-link" href="#sinks" title="Direct link to heading">​</a></h3><p>Sinks describe dangerous or sensitive methods in the code. A sink has a <strong>kind</strong> that represents the type of operation the method does (e.g, command execution, file system operation, etc). A sink must be attached to a given parameter of the method. A method can have multiple sinks.</p><p>Here is an example of a sink:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public static String readFile(String path, String extension, int mode) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    // Return the content of the file path.extension</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Since <code>path</code> and <code>extension</code> can be used to read arbitrary files, we consider them sinks. We do not consider <code>mode</code> as a sink since we do not care whether the user can control it. The JSON model generator for this method could be:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;readFile&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sinks&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;FileRead&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;FileRead&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(1)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h3 class="anchor anchorWithStickyNavbar_LWe7" id="return-sinks">Return Sinks<a class="hash-link" href="#return-sinks" title="Direct link to heading">​</a></h3><p>Return sinks can be used to describe that a method should not return tainted information. A return sink is just a normal sink with a <code>Return</code> port.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="propagation">Propagation<a class="hash-link" href="#propagation" title="Direct link to heading">​</a></h3><p>Propagations − also called <strong>tito</strong> (Taint In Taint Out) or <strong>passthrough</strong> in other tools − describe how the method propagates taint. A propagation as an <strong>input</strong> (where the taint comes from) and an <strong>output</strong> (where the taint is moved to).</p><p>Here is an example of a propagation:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public static String concat(String x, String y) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  return x + y;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>The return value of the method can be controlled by both parameters, hence it has the propagations <code>Argument(0) -&gt; Return</code> and <code>Argument(1) -&gt; Return</code>. The JSON model generator for this method could be:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;concat&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;propagation&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;input&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;output&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;input&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(1)&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;output&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h3 class="anchor anchorWithStickyNavbar_LWe7" id="features">Features<a class="hash-link" href="#features" title="Direct link to heading">​</a></h3><p>Features (also called <strong>breadcrumbs</strong>) can be used to tag a flow and help filtering issues. A feature describes a property of a flow. A feature can be any arbitrary string.</p><p>For instance, the feature <code>via-numerical-operator</code> is used to describe that the data flows through a numerical operator such as an addition.</p><p>Features are very useful to filter flows in the SAPP UI. E.g. flows with a cast from string to integer are can sometimes be less important during triaging since controlling an integer is more difficult to exploit than controlling a full string.</p><p>Note that features <strong>do not stop</strong> the flow, they just help triaging.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="attach-to-sources">Attach to Sources<a class="hash-link" href="#attach-to-sources" title="Direct link to heading">​</a></h4><p><em>Attach to sources</em> is used to add a set of <a href="#features">features</a> on any sources flowing out of a method through a given parameter or return value.</p><p>For instance, if we want to add the feature <code>via-signed</code> to all sources flowing out of the given method:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public String getSignedCookie();</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>We could use the following JSON model generator:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;getSignedCookie&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;attach_to_sources&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;features&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;via-signed&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note that this is only useful for sources inferred by the analysis. If you know that <code>getSignedCookie</code> returns a source of a given kind, you should use a source instead.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="attach-to-sinks">Attach to Sinks<a class="hash-link" href="#attach-to-sinks" title="Direct link to heading">​</a></h4><p><em>Attach to sinks</em> is used to add a set of <a href="#features">features</a> on all sinks on the given parameter of a method.</p><p>For instance, if we want to add the feature <code>via-user</code> on all sinks of the given method:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">class User {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  public static User findUser(String username) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    // The code here might use SQL, Thrift, or anything. We don&#x27;t need to know.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>We could use the following JSON model generator:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/User&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;findUser&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;attach_to_sinks&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;features&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;via-user&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note that this is only useful for sinks inferred by the analysis. If you know that <code>findUser</code> is a sink of a given kind, you should use a sink instead.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="attach-to-propagations">Attach to Propagations<a class="hash-link" href="#attach-to-propagations" title="Direct link to heading">​</a></h4><p><em>Attach to propagations</em> is used to add a set of <a href="#features">features</a> on all propagations from or to a given parameter or return value of a method.</p><p>For instance, if we want to add the feature <code>via-concat</code> to the propagations of the given method:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public static String concat(String x, String y);</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>We could use the following JSON model generator:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;concat&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;attach_to_propagations&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;features&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;via-concat&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token plain"> </span><span class="token comment" style="color:rgb(105, 112, 152);font-style:italic">// We could also use Argument(0) and Argument(1)</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note that this is only useful for propagations inferred by the analysis. If you know that <code>concat</code> has a propagation, you should model it as a propagation directly.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="add-features-to-arguments">Add Features to Arguments<a class="hash-link" href="#add-features-to-arguments" title="Direct link to heading">​</a></h4><p><em>Add features to arguments</em> is used to add a set of <a href="#features">features</a> on all sources that <strong>might</strong> flow on a given parameter of a method.</p><p><em>Add features to arguments</em> implies <em>Attach to sources</em>, <em>Attach to sinks</em> and <em>Attach to propagations</em>, but it also accounts for possible side effects at call sites.</p><p>For instance:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public static void log(String message) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  System.out.println(message);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">public void buyView() {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  String username = getParameter(&quot;username&quot;);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  String product = getParameter(&quot;product&quot;);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  log(username);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  buy(username, product);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Technically, the <code>log</code> method doesn&#x27;t have any source, sink or propagation. We can use <em>add features to arguments</em> to add a feature <code>was-logged</code> on the flow from <code>getParameter(&quot;username&quot;)</code> to <code>buy(username, product)</code>. We could use the following JSON model generator for the <code>log</code> method:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;log&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;add_features_to_arguments&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;features&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;was-logged&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h4 class="anchor anchorWithStickyNavbar_LWe7" id="via-type-features">Via-type Features<a class="hash-link" href="#via-type-features" title="Direct link to heading">​</a></h4><p><em>Via-type</em> features are used to keep track of the type of a callable’s port seen at its callsites during taint flow analysis. They are specified in model generators within the “sources” or “sinks” field of a model with the “via_type_of” field. It is mapped to a nonempty list of ports of the method for which we want to create via-type features.</p><p>For example, if we were interested in the specific Activity subclasses with which the method below was called:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">public void startActivityForResult(Intent intent, int requestCode);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">// At some callsite:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">ActivitySubclass activitySubclassInstance;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">activitySubclassInstance.startActivityForResult(intent, requestCode);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>we could use the following JSON to specifiy a via-type feature that would materialize as <code>via-type:ActivitySubclass</code>:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;startActivityForResult&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sinks&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(1)&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;SinkKind&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;via_type_of&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h4 class="anchor anchorWithStickyNavbar_LWe7" id="via-value-features">Via-value Features<a class="hash-link" href="#via-value-features" title="Direct link to heading">​</a></h4><p><em>Via-value</em> feature captures the value of the specified callable&#x27;s port seen at its callsites during taint flow analysis. They are specified similar to <code>Via-type</code> features -- in model generators within the &quot;sources&quot; or &quot;sinks&quot; field of a model with the &quot;via_value_of&quot; field. It is mapped to a nonempty list of ports of the method for which we want to create via-value features.</p><p>For example, if we were interested in the specific <code>mode</code> with which the method below was called:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public void log(String mode, String message);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">class Constants {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  public static final String MODE = &quot;M1&quot;;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">// At some callsite:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">log(Constants.MODE, &quot;error message&quot;);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>we could use the following JSON to specifiy a via-value feature that would materialize as <code>via-value:M1</code>:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;log&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sinks&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(1)&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;SinkKind&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;via_value_of&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note that this only works for numeric and string literals. In cases where the argument is not a constant, the feature will appear as <code>via-value:unknown</code>.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="taint-broadening">Taint Broadening<a class="hash-link" href="#taint-broadening" title="Direct link to heading">​</a></h3><p><strong>Taint broadening</strong> (also called <strong>collapsing</strong>) happens when Mariana Trench needs to make an approximation about a taint flow. It is the operation of reducing a <strong>taint tree</strong> into a single element. A <strong>taint tree</strong> is a tree where edges are field names and nodes are taint element. This is how Mariana Trench represents internally which fields (or sequence of fields) are tainted.</p><p>For instance, analyzing the following code:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">MyClass var = new MyClass();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">var.a = sourceX();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">var.b.c = sourceY();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">var.b.d = sourceZ();</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>The taint tree of variable <code>var</code> would be:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">      .</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  a /   \ b</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> { X }    .</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">       c / \ d</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">     { Y }  { Z }</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>After collapsing, the tree is reduced to a single node <code>{ X, Y, Z }</code>, which is less precise.</p><p>In conclusion, taint broadening effectively leads to considering the whole object as tainted while only some specific fields were initially tainted. This might happen for the correctness of the analysis or for performance reasons.</p><p>In the following sections, we will discuss when collapsing can happen. In most cases, a feature is automatically added on collapsed taint to help detect false positives.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="propagation-broadening">Propagation Broadening<a class="hash-link" href="#propagation-broadening" title="Direct link to heading">​</a></h4><p>Taint collapsing is applied when taint is propagated through a method.</p><p>For instance:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">MyClass input = new MyClass();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">input.a = SourceX();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">MyClass output = SomeClass.UnknownMethod(input);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">Sink(output.b); // Considered an issue since `output` is considered tainted. This could be a False Negative without collapsing.</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>In that case, the <a href="#feature">feature</a> <code>via-propagation-broadening</code> will be automatically added on the taint. This can help identify false positives.</p><p>If you know that this method <strong>preserves the structure</strong> of the parameter, you could specify a model and disable collapsing using the <code>collapse</code> attribute within a <a href="#propagation"><code>propagation</code></a>:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/SomeClass&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;UnknownMethod&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;propagation&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;input&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;output&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;collapse&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token boolean" style="color:rgb(255, 88, 116)">false</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note that Mariana Trench can usually infer when a method propagates taint without collapsing it when it has access to the code of that method and subsequent calls. For instance:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public String identity(String x) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  // Automatically infers a propagation `Arg(0) -&gt; Return` with `collapse=false`</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  return x;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h5 class="anchor anchorWithStickyNavbar_LWe7" id="issue-broadening-feature">Issue Broadening Feature<a class="hash-link" href="#issue-broadening-feature" title="Direct link to heading">​</a></h5><p>The <code>via-issue-broadening</code> feature is added to issues where the taint flowing into the sink was not held directly on the object passed in but on one of its fields. For example:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">Class input = new Class();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">input.field = source();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">sink(input); // `input` is not tainted, but `input.field` is tainted and creates an issue</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h5 class="anchor anchorWithStickyNavbar_LWe7" id="widen-broadening-feature">Widen Broadening Feature<a class="hash-link" href="#widen-broadening-feature" title="Direct link to heading">​</a></h5><p>For performance reasons, if a given taint tree becomes very large (either in depth or in number of nodes at a given level), Mariana Trench collapses the tree to a smaller size. In these cases, the <code>via-widen-broadening</code> feature is added to the collapsed taint</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">Class input = new Class();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">if (\* condition *\) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  input.field1 = source();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  input.field2 = source();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  ...</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">} else {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  input.fieldA = source();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  input.fieldB = source();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  ...</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">sink(input); // Too many fields are sources so the whole input object becomes tainted</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h3 class="anchor anchorWithStickyNavbar_LWe7" id="sanitizers">Sanitizers<a class="hash-link" href="#sanitizers" title="Direct link to heading">​</a></h3><p>Specifying sanitizers on a model allow us to stop taint flowing through that method. In Mariana Trench, they can be one of three types -</p><ul><li><code>sources</code>: prevent any taint sources from flowing out of the method</li><li><code>sinks</code>: prevent taint from reaching any sinks within the method</li><li><code>propagations</code>: prevent propagations from being inferred between any two ports of the method.</li></ul><p>These can be specified in model generators as follows -</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> ...</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sanitizers&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;sanitize&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;sources&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;sanitize&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;sinks&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;sanitize&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;propagations&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    ...</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note, if there are any user-specificed sources, sinks or propagations on the model, sanitizers will not affect them, but it will prevent them from being propagated outward to callsites.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="kind-specific-sanitizers">Kind-specific Sanitizers<a class="hash-link" href="#kind-specific-sanitizers" title="Direct link to heading">​</a></h4><p><code>sources</code> and <code>sinks</code> sanitizers may include a list of kinds (each with or without a partial_label) to restrict the sanitizer to only sanitizing taint of those kinds. (When unspecified, as in the example above, all taint is sanitized regardless of kind).</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token property">&quot;sanitizers&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sanitize&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;sinks&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;kinds&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;SinkKindA&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;SinkKindB&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;partial_label&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;A&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h4 class="anchor anchorWithStickyNavbar_LWe7" id="port-specific-sanitizers">Port-specific Sanitizers<a class="hash-link" href="#port-specific-sanitizers" title="Direct link to heading">​</a></h4><p>Sanitizers can also specify a specific port (<a href="/docs/models/#access-path-format">access path</a> root) they sanitize (ignoring all the rest). This field <code>port</code> has a slightly different meaning for each kind of sanitizer -</p><ul><li><code>sources</code>: represents the output port through which sources may not leave the method</li><li><code>sinks</code>: represents the input port through which taint may not trigger any sinks within the model</li><li><code>propagations</code>: represents the input port through which a propagation to any other port may not be inferred</li></ul><p>For example if the following method</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public void someMethod(Object argument1, Object argument2) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  toSink(argument1);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  toSink(argument2);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>had the following sanitizer in its model,</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token property">&quot;sanitizers&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sanitize&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;sinks&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(1)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Then a source flowing into <code>argument1</code> would be able to cause an issue, but not a source flowing into <code>argument2</code>.</p><p>Kind and port specifications may be included in the same sanitizer.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="modes">Modes<a class="hash-link" href="#modes" title="Direct link to heading">​</a></h3><p>Modes are used to describe specific behaviors of methods. Available modes are:</p><ul><li><code>skip-analysis</code>: skip the analysis of the method;</li><li><code>add-via-obscure-feature</code>: add a feature/breadcrumb called <code>via-obscure:&lt;method&gt;</code> to sources flowing through this method;</li><li><code>taint-in-taint-out</code>: propagate the taint on arguments to the return value;</li><li><code>taint-in-taint-this</code>: propagate the taint on arguments into the <code>this</code> parameter;</li><li><code>no-join-virtual-overrides</code>: do not consider all possible overrides when handling a virtual call to this method;</li><li><code>no-collapse-on-propagation</code>: do not collapse input paths when applying propagations;</li><li><code>alias-memory-location-on-invoke</code>: aliases existing memory location at the callsite instead of creating a new one;</li><li><code>strong-write-on-propagation</code>: performs a strong write from input path to the output path on propagation;</li></ul><h3 class="anchor anchorWithStickyNavbar_LWe7" id="default-model">Default model<a class="hash-link" href="#default-model" title="Direct link to heading">​</a></h3><p>A default model is created for each method, except if it is provided by a model generator. The default model has a set of heuristics:</p><p>If the method has no source code, the model is automatically marked with the modes <code>skip-analysis</code> and <code>add-via-obscure-feature</code>.</p><p>If the method has more than 40 overrides, it is marked with the mode <code>no-join-virtual-overrides</code>.</p><p>Otherwise, the default model is empty (no sources/sinks/propagations).</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="field-models">Field Models<a class="hash-link" href="#field-models" title="Direct link to heading">​</a></h3><p>These models represent user-defined taint on class fields (as opposed to methods, as described in all the previous sections on this page). They are specified in a similar way to method models as described below.</p><blockquote><p><strong>NOTE:</strong> Field sources should not be applied to fields that are both final and of a primitive type (<code>int</code>, <code>char</code>, <code>float</code>, etc as well as <code>java.lang.String</code>) as the Java compiler optimizes accesses of these fields in the bytecode into accesses of the constant value they hold. In this scenario, Mariana Trench has no way of recognizing that the constant was meant to carry a source.</p></blockquote><p>Example field model generator for sources:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;fields&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;SOURCE_EXAMPLE&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sources&quot;</span><span class="token plain"> </span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;FieldSource&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Example code:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public class TestClass {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  // Field that we know to be tainted</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  public Object SOURCE_EXAMPLE = ...;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  void flow() {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    sink(EXAMPLE, ...);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Example field model generator for sinks:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;fields&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;SINK_EXAMPLE&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sinks&quot;</span><span class="token plain"> </span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;FieldSink&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Example code:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public class TestClass {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  public Object SINK_EXAMPLE = ...;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  void flow() {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    SINK_EXAMPLE = source();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Field signature formats follow the Dalvik bytecode format similar to methods as discussed <a href="#method-name-format">above</a>. This is of the form <code>&lt;className&gt;.&lt;fieldName&gt;:&lt;fieldType&gt;</code>.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="literal-models">Literal Models<a class="hash-link" href="#literal-models" title="Direct link to heading">​</a></h3><p>Literal models represent user-defined taints on string literals matching configurable regular expressions. They can only be configured as sources and are intended to identify suspicious patterns, such as user-controlled data being concatenated with a string literal which looks like an SQL query.</p><blockquote><p><strong>NOTE:</strong> Each use of a literal in the analysed code which matches a pattern in a literal model will generate a new taint which needs to be explored by Mariana Trench. Using overly broad patterns like <code>.*</code> should thus be avoided, as they can lead to poor performance and high memory usage.</p></blockquote><p>Example literal models:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">[</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;pattern&quot;: &quot;SELECT \\*.*&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;description&quot;: &quot;Potential SQL Query&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;sources&quot;: [</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        &quot;kind&quot;: &quot;SqlQuery&quot;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    ]</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  },</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;pattern&quot;: &quot;AI[0-9A-Z]{16}&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;description&quot;: &quot;Suspected Google API Key&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;sources&quot;: [</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        &quot;kind&quot;: &quot;GoogleAPIKey&quot;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    ]</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">]</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Example code:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">void testRegexSource() {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  String prefix = &quot;SELECT * FROM USERS WHERE id = &quot;;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  String aci = getAttackerControlledInput();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  String query = prefix + aci; // Sink</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">void testRegexSourceGoogleApiKey() {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  String secret = &quot;AIABCD1234EFGH5678&quot;;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  sink(secret);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h2 class="anchor anchorWithStickyNavbar_LWe7" id="model-generators">Model Generators<a class="hash-link" href="#model-generators" title="Direct link to heading">​</a></h2><p>Mariana Trench allows for dynamic model specifications. This allows a user to specify models of methods before running the analysis. This is used to specify sources, sinks, propagation and modes.</p><p>Model generators are specified in a generator configuration file, specified by the <code>--generator-configuration-path</code> parameter. By default, we use <a href="https://github.com/facebook/mariana-trench/blob/main/configuration/default_generator_config.json" target="_blank" rel="noopener noreferrer"><code>default_generator_config.json</code></a>.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="example">Example<a class="hash-link" href="#example" title="Direct link to heading">​</a></h3><p>Examples of model generators are located in the <a href="https://github.com/facebook/mariana-trench/tree/main/configuration/model-generators" target="_blank" rel="noopener noreferrer"><code>configuration/model-generators</code></a> directory.</p><p>Below is an example of a JSON model generator:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model_generators&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"> </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;toString&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;propagation&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;input&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;output&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;parent&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;inner&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;extends&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;inner&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">              </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">              </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;SandcastleCommand&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"> </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Time&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;sources&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Source&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;parent&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;inner&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;extends&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;inner&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"> </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;IEntWithPurposePolicy&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"> </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;gen.*&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;parameter&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;idx&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token number" style="color:rgb(247, 140, 108)">0</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;inner&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;type&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;extends&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;class&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;IViewerContext&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;return&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;inner&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;extends&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;inner&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"> </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Ent&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;modes&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token string" style="color:rgb(195, 232, 141)">&quot;add-via-obscure-feature&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;sinks&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Sink&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;features&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token string" style="color:rgb(195, 232, 141)">&quot;via-gen&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h3 class="anchor anchorWithStickyNavbar_LWe7" id="specification">Specification<a class="hash-link" href="#specification" title="Direct link to heading">​</a></h3><p>Each JSON file is a JSON object with a key <code>model_generators</code> associated with a list of &quot;rules&quot;.</p><p>Each &quot;rule&quot; defines a &quot;filter&quot; (which uses &quot;constraints&quot; to specify methods for which a &quot;model&quot; should be generated) and a &quot;model&quot;. A rule has the following key/values:</p><ul><li><p><code>find</code>: The type of thing to find. We support <code>methods</code> and <code>fields</code>;</p></li><li><p><code>where</code>: A list of &quot;constraints&quot;. All constraints <strong>must be satisfied</strong> by a method or field in order to generate a model for it. All the constraints are listed below, grouped by the type of object they are applied to:</p><ul><li><p><strong>Method</strong>:</p><ul><li><code>signature_match</code>: Expects at least one of the two allowed groups of extra properties: <code>[name | names] [parent | parents | extends [include_self]]</code> where:<ul><li><code>name</code> (a single string) or <code>names</code> (a list of alternative strings): is exact matched to the method name</li><li><code>parent</code> (a single string) or <code>parents</code> (a list of alternative strings) is exact matched to the class of the method or <code>extends</code> (either a single string or a list of alternative strings) is exact matched to the base classes or interfaces of the method. <code>extends</code> allows an additional property <code>includes_self</code> which is a boolean to indicate if the constraint is applied to the class itself or not.</li></ul></li><li><code>signature | signature_pattern</code>: Expects an extra property <code>pattern</code> which is a regex to fully match the full signature (class, method, argument types) of a method;<ul><li><strong>NOTE:</strong> Usage of this constraint is discouraged as it has poor performance. Try using <code>signature_match</code> instead!</li></ul></li><li><code>parent</code>: Expects an extra property <code>inner</code> <!-- -->[Type]<!-- --> which contains a nested constraint to apply to the class holding the method;</li><li><code>parameter</code>: Expects an extra properties <code>idx</code> and <code>inner</code> <!-- -->[Parameter]<!-- --> or <!-- -->[Type]<!-- -->, matches when the idx-th parameter of the function or method matches the nested constraint inner;</li><li><code>any_parameter</code>: Expects an optional extra property <code>start_idx</code> and <code>inner</code> <!-- -->[Parameter]<!-- --> or <!-- -->[Type]<!-- -->, matches when there is any parameters (starting at start_idx) of the function or method matches the nested constraint inner;</li><li><code>return</code>: Expects an extra property <code>inner</code> <!-- -->[Type]<!-- --> which contains a nested constraint to apply to the return of the method;</li><li><code>is_static | is_constructor | is_native | has_code</code>: Accepts an extra property <code>value</code> which is either <code>true</code> or <code>false</code>. By default, <code>value</code> is considered <code>true</code>;</li><li><code>number_parameters</code>: Expects an extra property <code>inner</code> <!-- -->[Integer]<!-- --> which contains a nested constraint to apply to the number of parameters (counting the implicit <code>this</code> parameter);</li><li><code>number_overrides</code>: Expects an extra property <code>inner</code> <!-- -->[Integer]<!-- --> which contains a nested constraint to apply on the number of method overrides.</li></ul></li><li><p><strong>Parameter:</strong></p><ul><li><code>parameter_has_annotation</code>: Expects an extra property <code>type</code> and an optional property <code>pattern</code>, respectively a string and a regex fully matching the value of the parameter annotation.</li></ul></li><li><p><strong>Type:</strong></p><ul><li><code>extends</code>: Expects an extra property <code>inner</code> <!-- -->[Type]<!-- --> which contains a nested constraint that must apply to one of the base classes or itself. The optional property <code>includes_self</code> is a boolean that tells whether the constraint must be applied on the type itself or not;</li><li><code>super</code>: Expects an extra property <code>inner</code> <!-- -->[Type]<!-- --> which contains a nested constraint that must apply on the direct superclass;</li><li><code>is_class | is_interface</code>: Accepts an extra property <code>value</code> which is either <code>true</code> or <code>false</code>. By default, <code>value</code> is considered <code>true</code>;</li></ul></li><li><p><strong>Field</strong>:</p><ul><li><code>signature</code>: Expects an extra property <code>pattern</code> which is a regex to fully match the full signature of the field. This is of the form <code>&lt;className&gt;.&lt;fieldName&gt;:&lt;fieldType&gt;</code>;</li><li><code>parent</code>: Expects an extra property <code>inner</code> <!-- -->[Type]<!-- --> which contains a nested constraint to apply to the class holding the field;</li><li><code>is_static</code>: Accepts an extra property <code>value</code> which is either <code>true</code> or <code>false</code>. By default, <code>value</code> is considered <code>true</code>;</li></ul></li><li><p><strong>Method, Type or Field:</strong></p><ul><li><code>name</code>: Expects an extra property <code>pattern</code> which is a regex to fully match the name of the item;</li><li><code>has_annotation</code>: Expects an extra property <code>type</code> and an optional property <code>pattern</code>, respectively a string and a regex fully matching the value of the annotation.</li><li><code>visibility</code>: Expects an extra property <code>is</code> which is either <code>public</code>, <code>private</code> or <code>protected</code>; (Note this does not apply to <code>Field</code>)</li></ul></li><li><p><strong>Integer:</strong></p><ul><li><code>&lt; | &lt;= | == | &gt; | &gt;= | !=</code>: Expects an extra property <code>value</code> which contains an integer that the input integer is compared with. The input is the left hand side.</li></ul></li><li><p><strong>Any (Method, Parameter, Type, Field or Integer):</strong></p><ul><li><code>all_of</code>: Expects an extra property <code>inners</code> <!-- -->[Any]<!-- --> which is an array holding nested constraints which must all apply;</li><li><code>any_of</code>: Expects an extra property <code>inners</code> <!-- -->[Any]<!-- --> which is an array holding nested constraints where one of them must apply;</li><li><code>not</code>: Expects an extra property <code>inner</code> <!-- -->[Any]<!-- --> which contains a nested constraint that should not apply. (Note this is not yet implemented for <code>Field</code>s)</li></ul></li></ul></li><li><p><code>model</code>: A model, describing sources/sinks/propagations/etc.</p><ul><li><p><strong>For method models</strong></p><ul><li><code>sources</code>*<!-- -->: A list of sources, i.e a source flowing out of the method via return value or flowing in via an argument. A source has the following key/values:<ul><li><code>kind</code>: The source name;</li><li><code>port</code>*<!-- -->*<!-- -->: The source access path (e.g, <code>&quot;Return&quot;</code> or <code>&quot;Argument(1)&quot;</code>);</li><li><code>features</code>*<!-- -->: A list of features/breadcrumbs names;</li><li><code>via_type_of</code>*<!-- -->: A list of ports;</li></ul></li><li><code>sinks</code>*<!-- -->: A list of sinks, i.e describing that a parameter of the method flows into a sink. A sink has the following key/values:<ul><li><code>kind</code>: The sink name;</li><li><code>port</code>: The sink access path (e.g, <code>&quot;Return&quot;</code> or <code>&quot;Argument(1)&quot;</code>);</li><li><code>features</code>*<!-- -->: A list of features/breadcrumbs names;</li><li><code>via_type_of</code>*<!-- -->: A list of ports;</li></ul></li><li><code>propagation</code>*<!-- -->: A list of propagations (also called passthrough) that describe whether a taint on a parameter should result in a taint on the return value or another parameter. A propagation has the following key/values:<ul><li><code>input</code>: The input access path (e.g, <code>&quot;Argument(1)&quot;</code>);</li><li><code>output</code>: The output access path (e.g, <code>&quot;Return&quot;</code> or <code>&quot;Argument(2)&quot;</code>);</li><li><code>features</code>*<!-- -->: A list of features/breadcrumbs names;</li></ul></li><li><code>attach_to_sources</code>*<!-- -->: A list of attach-to-sources that describe that all sources flowing out of the method on the given parameter or return value must have the given features. An attach-to-source has the following key/values:<ul><li><code>port</code>: The access path root (e.g, <code>&quot;Return&quot;</code> or <code>&quot;Argument(1)&quot;</code>);</li><li><code>features</code>: A list of features/breadcrumb names;</li></ul></li><li><code>attach_to_sinks</code>*<!-- -->: A list of attach-to-sinks that describe that all sources flowing in the method on the given parameter must have the given features. An attach-to-sink has the following key/values:<ul><li><code>port</code>: The access path root (e.g, <code>&quot;Argument(1)&quot;</code>);</li><li><code>features</code>: A list of features/breadcrumb names;</li></ul></li><li><code>attach_to_propagations</code>*<!-- -->: A list of attach-to-propagations that describe that inferred propagations of sources flowing in or out of a given parameter or return value must have the given features. An attach-to-propagation has the following key/values:<ul><li><code>port</code>: The access path root (e.g, <code>&quot;Return&quot;</code> or <code>&quot;Argument(1)&quot;</code>);</li><li><code>features</code>: A list of features/breadcrumb names;</li></ul></li><li><code>add_features_to_parameters</code>*<!-- -->: A list of add-features-to-parameters that describe that flows that might flow on the given parameter must have the given features. An add-features-to-parameter has the following key/values:<ul><li><code>port</code>: The access path root (e.g, <code>&quot;Argument(1)&quot;</code>);</li><li><code>features</code>: A list of features/breadcrumb names;</li></ul></li><li><code>modes</code>*<!-- -->: A list of mode names that describe specific behaviors of a method;</li><li><code>for_all_parameters</code>: Generate sources/sinks/propagations/attach<em>to</em>*<!-- --> for all parameters of a method that satisfy some constraints. It accepts the following key/values:<ul><li><code>variable</code>: A symbolic name for the parameter;</li><li><code>where</code>: An optional list of <!-- -->[Parameter]<!-- --> or <!-- -->[Type]<!-- --> constraints on the parameter;</li><li><code>sources | sinks | propagation</code>: Same as under &quot;model&quot;, but we accept the variable name as a parameter number.</li></ul></li></ul></li><li><p><code>verbosity</code>*<!-- -->: A logging level, to help debugging. 1 is the most verbose, 5 is the least. The default verbosity level is 5.</p></li><li><p><strong>For Field models</strong></p><ul><li><code>sources</code>*<!-- -->: A list of sources the field should hold. A source has the following key/values:<ul><li><code>kind</code>: The source name;</li><li><code>features</code>*<!-- -->: A list of features/breadcrumbs names;</li></ul></li><li><code>sinks</code>*<!-- -->: A list of sinks the field should hold. A sink has the following key/values:<ul><li><code>kind</code>: The sink name;</li><li><code>features</code>*<!-- -->: A list of features/breadcrumds names;</li></ul></li></ul></li></ul></li></ul><p>In the above bullets,</p><ul><li><code>*</code> denotes optional key/value.</li><li><code>**</code> denotes optional key/value. Default is <code>&quot;Return&quot;</code>.</li></ul><p>Note, the implicit <code>this</code> parameter for methods has the parameter number 0.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="development">Development<a class="hash-link" href="#development" title="Direct link to heading">​</a></h3><h4 class="anchor anchorWithStickyNavbar_LWe7" id="when-sources-or-sinks-dont-appear-in-results">When Sources or Sinks don&#x27;t appear in Results<a class="hash-link" href="#when-sources-or-sinks-dont-appear-in-results" title="Direct link to heading">​</a></h4><ol><li><p>This could be because your model generator did not find any method matching your query. You can use the <code>&quot;verbosity&quot;: 1</code> option in your model generator to check if it matched any method. For instance:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model_generators&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token comment" style="color:rgb(105, 112, 152);font-style:italic">/* ... */</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token comment" style="color:rgb(105, 112, 152);font-style:italic">/* ... */</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;verbosity&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token number" style="color:rgb(247, 140, 108)">1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>When running mariana trench, this should print:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">INFO Method `...` satisfies all constraints in json model generator ...</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div></li><li><p>Make sure that your model generator is actually running. You can use the <code>--verbosity 2</code> option to check that. Make sure your model generator is specified in <code>configuration/default_generator_config.json</code>.</p></li><li><p>You can also check the output models. Use <code>grep SourceKind models@*</code> to see if your source or sink kind exists. Use <code>grep &#x27;Lcom/example/&lt;class-name&gt;;.&lt;method-name&gt;:&#x27; models@*</code> to see if a given method exists in the app.</p></li></ol><div></div></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/facebook/mariana-trench/tree/main/documentation/website/documentation/models.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/rules/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Rules</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/shims/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Shims</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#models" class="table-of-contents__link toc-highlight">Models</a><ul><li><a href="#method-name-format" class="table-of-contents__link toc-highlight">Method name format</a></li><li><a href="#access-path-format" class="table-of-contents__link toc-highlight">Access path format</a></li><li><a href="#kinds" class="table-of-contents__link toc-highlight">Kinds</a></li><li><a href="#sources" class="table-of-contents__link toc-highlight">Sources</a></li><li><a href="#sinks" class="table-of-contents__link toc-highlight">Sinks</a></li><li><a href="#return-sinks" class="table-of-contents__link toc-highlight">Return Sinks</a></li><li><a href="#propagation" class="table-of-contents__link toc-highlight">Propagation</a></li><li><a href="#features" class="table-of-contents__link toc-highlight">Features</a></li><li><a href="#taint-broadening" class="table-of-contents__link toc-highlight">Taint Broadening</a></li><li><a href="#sanitizers" class="table-of-contents__link toc-highlight">Sanitizers</a></li><li><a href="#modes" class="table-of-contents__link toc-highlight">Modes</a></li><li><a href="#default-model" class="table-of-contents__link toc-highlight">Default model</a></li><li><a href="#field-models" class="table-of-contents__link toc-highlight">Field Models</a></li><li><a href="#literal-models" class="table-of-contents__link toc-highlight">Literal Models</a></li></ul></li><li><a href="#model-generators" class="table-of-contents__link toc-highlight">Model Generators</a><ul><li><a href="#example" class="table-of-contents__link toc-highlight">Example</a></li><li><a href="#specification" class="table-of-contents__link toc-highlight">Specification</a></li><li><a href="#development" class="table-of-contents__link toc-highlight">Development</a></li></ul></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebar_njMd"><nav class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/docs/overview/">User Guide</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/overview/">Overview</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/getting-started/">Getting Started</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/">Configuration</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/customize-sources-and-sinks/">Customize Sources and Sinks</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/rules/">Rules</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/models/">Models &amp; Model Generators</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/shims/">Shims</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/feature-descriptions/">Feature Glossary</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/known-false-negatives/">Known False Negatives</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/contribution/">Developer Guide</a></div></li></ul></nav></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_OVgt"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">User Guide</span><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Models &amp; Model Generators</span><meta itemprop="position" content="2"></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Models &amp; Model Generators</h1></header><p>The main way to configure the analysis is through defining model generators. Each model generator defines (1) a <strong>filter</strong>, made up of constraints to specify the methods (or fields) for which a model should be generated, and (2) a <strong>model</strong>, an abstract representation of how data flows through a method.</p><p>Model generators are what define Sink and Source kinds which are the key component of <a href="/docs/rules/">Rules</a>. Model generators can do other things too, like attach <strong>features</strong> (a.k.a. breadcrumbs) to flows and <strong>sanitize</strong> (redact) flows which go through certain &quot;data-safe&quot; methods (e.g. a method which hashes a user&#x27;s password).</p><p>Filters are conceptually straightforward. Thus, this page focuses heavily on conceptualizing and providing examples for the various types of models. See the <a href="#model-generators">Model Generators</a> section for full implementation documentation for both filters and models.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="models">Models<a class="hash-link" href="#models" title="Direct link to heading">​</a></h2><p>A model is an abstract representation of how data flows through a method.</p><p>A model essentialy consists of:</p><ul><li><a href="#sources">Sources</a>: a set of sources that the method produces or receives on parameters;</li><li><a href="#sinks">Sinks</a>: a set of sinks on the method;</li><li><a href="#propagation">Propagation</a>: a description of how the method propagates taint coming into it (e.g, the first parameter updates the second, the second parameter updates the return value, etc.);</li><li><a href="#attach-to-sources">Attach to Sources</a>: a set of features/breadcrumbs to add on an any sources flowing out of the method;</li><li><a href="#attach-to-sinks">Attach to Sinks</a>: a set of features/breadcrumbs to add on sinks of a given parameter;</li><li><a href="#attach-to-propagations">Attach to Propagations</a>: a set of features/breadcrumbs to add on propagations for a given parameter or return value;</li><li><a href="#add-features-to-arguments">Add Features to Arguments</a>: a set of features/breadcrumbs to add on any taint that might flow in a given parameter;</li><li><a href="#sanitizers">Sanitizers</a>: specifications of taint flows to stop;</li><li><a href="#modes">Modes</a>: a set of flags describing specific behaviors (see below).</li></ul><p>Models can be specified in JSON. For example to mark the string parameter to our <code>Logger.log</code> function as a sink we can specify it as</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Logger;&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;log&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sinks&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Logging&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(1)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note that the naming of methods follow the <a href="#method-name-format">Dalvik&#x27;s bytecode format</a>.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="method-name-format">Method name format<a class="hash-link" href="#method-name-format" title="Direct link to heading">​</a></h3><p>The format used for method names is:</p><p><code>&lt;className&gt;.&lt;methodName&gt;:(&lt;parameterType1&gt;&lt;parameterType2&gt;)&lt;returnType&gt;</code></p><p>Example: <code>Landroidx/fragment/app/Fragment;.startActivity:(Landroid/content/Intent;)V</code></p><p>For the parameters and return types use the following table to pick the correct one (please refer to <a href="https://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html#jvms-4.3.2-200" target="_blank" rel="noopener noreferrer">JVM doc</a> for more details)</p><ul><li>V - void</li><li>Z - boolean</li><li>B - byte</li><li>S - short</li><li>C - char</li><li>I - int</li><li>J - long (64 bits)</li><li>F - float</li><li>D - double (64 bits)</li></ul><p>Classes take the form <code>Lpackage/name/ClassName;</code> - where the leading <code>L</code> indicates that it is a class type, <code>package/name/</code> is the package that the class is in. A nested class will take the form <code>Lpackage/name/ClassName$NestedClassName</code> (the <code>$</code> will need to be double escaped <code>\\$</code> in json regex).</p><blockquote><p><strong>NOTE:</strong> Instance (i.e, non-static) method parameters are indexed starting from 1! The 0th parameter is the <code>this</code> parameter in dalvik byte-code. For static method parameter, indices start from 0.</p></blockquote><h3 class="anchor anchorWithStickyNavbar_LWe7" id="access-path-format">Access path format<a class="hash-link" href="#access-path-format" title="Direct link to heading">​</a></h3><p>An access path describes the symbolic location of a taint. This is commonly used to indicate where a source or a sink originates from. The &quot;port&quot; field of any model is represented by an access path.</p><p>An access path is composed of a root and a path.</p><p>The root is either:</p><ul><li><code>Return</code>, representing the returned value;</li><li><code>Argument(x)</code> (where <code>x</code> is an integer), representing the parameter number <code>x</code>;</li></ul><p>The path is a (possibly empty) list of path elements. A path element can be any of the following kinds:</p><ul><li><code>field</code>: represents a field name. String encoding is a dot followed by the field name: <code>.field_name</code>;</li><li><code>index</code>: represents a user defined index for dictionary like objects. String encoding uses square braces to enclose any user defined index: <code>[index_name]</code>;</li><li><code>any index</code>: represents any or unresolved indices in dictionary like objects. String encoding is an asterisk enclosed in square braces: <code>[*]</code>;</li><li><code>index from value of</code>: captures the value of the specified callable&#x27;s port seen at its callsites during taint flow analysis as an <code>index</code> or <code>any index</code> (if the value cannot be resolved). String encoding uses <em>argument root</em> to specify the callable&#x27;s port and encloses it in <code>[&lt;</code>...<code>&gt;]</code> to represent that its value is resolved at the callsite to create an index: <code>[&lt;Argument(x)&gt;]</code>;</li></ul><p>Examples:</p><ul><li><code>Argument(1).name</code> corresponds to the <em>field</em> <code>name</code> of the second parameter;</li><li><code>Argument(1)[name]</code> corresponds to the <em>index</em> <code>name</code> of the dictionary like second parameter;</li><li><code>Argument(1)[*]</code> corresponds to <em>any index</em> of the dictionary like second parameter;</li><li><code>Argument(1)[&lt;Argument(2)&gt;]</code> corresponds to an <em>index</em> of the dictionary like second parameter whose value is resolved from the third parameter;</li><li><code>Return</code> corresponds to the returned value;</li><li><code>Return.x</code> correpsonds to the field <code>x</code> of the returned value;</li></ul><h3 class="anchor anchorWithStickyNavbar_LWe7" id="kinds">Kinds<a class="hash-link" href="#kinds" title="Direct link to heading">​</a></h3><p>A source has a <strong>kind</strong> that describes its content (e.g, user input, file system, etc). A sink also has a <strong>kind</strong> that describes the operation the method performs (e.g, execute a command, read a file, etc.). Kinds can be arbitrary strings (e.g, <code>UserInput</code>). We usually avoid whitespaces.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="sources">Sources<a class="hash-link" href="#sources" title="Direct link to heading">​</a></h3><p>Sources describe sources produced or received by a given method. A source can either flow out via the return value or flow via a given parameter. A source has a <strong>kind</strong> that describes its content (e.g, user input, file system, etc).</p><p>Here is an example where the source flows by return value:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public static String getPath() {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    return System.getenv().get(&quot;PATH&quot;);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>The JSON model generator for this method could be:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class;&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;getPath&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sources&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;UserControlled&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Here is an example where the source flows in via an argument:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">class MyActivity extends Activity {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  public void onNewIntent(Intent intent) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    // intent should be considered a source here.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>The JSON model generator for this method could be:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;extends&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Landroid/app/Activity&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;onNewIntent&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sources&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;UserControlled&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(1)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note that the implicit <code>this</code> parameter is considered the argument 0.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="sinks">Sinks<a class="hash-link" href="#sinks" title="Direct link to heading">​</a></h3><p>Sinks describe dangerous or sensitive methods in the code. A sink has a <strong>kind</strong> that represents the type of operation the method does (e.g, command execution, file system operation, etc). A sink must be attached to a given parameter of the method. A method can have multiple sinks.</p><p>Here is an example of a sink:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public static String readFile(String path, String extension, int mode) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    // Return the content of the file path.extension</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Since <code>path</code> and <code>extension</code> can be used to read arbitrary files, we consider them sinks. We do not consider <code>mode</code> as a sink since we do not care whether the user can control it. The JSON model generator for this method could be:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;readFile&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sinks&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;FileRead&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;FileRead&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(1)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h3 class="anchor anchorWithStickyNavbar_LWe7" id="return-sinks">Return Sinks<a class="hash-link" href="#return-sinks" title="Direct link to heading">​</a></h3><p>Return sinks can be used to describe that a method should not return tainted information. A return sink is just a normal sink with a <code>Return</code> port.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="propagation">Propagation<a class="hash-link" href="#propagation" title="Direct link to heading">​</a></h3><p>Propagations − also called <strong>tito</strong> (Taint In Taint Out) or <strong>passthrough</strong> in other tools − describe how the method propagates taint. A propagation as an <strong>input</strong> (where the taint comes from) and an <strong>output</strong> (where the taint is moved to).</p><p>Here is an example of a propagation:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public static String concat(String x, String y) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  return x + y;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>The return value of the method can be controlled by both parameters, hence it has the propagations <code>Argument(0) -&gt; Return</code> and <code>Argument(1) -&gt; Return</code>. The JSON model generator for this method could be:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;concat&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;propagation&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;input&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;output&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;input&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(1)&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;output&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h3 class="anchor anchorWithStickyNavbar_LWe7" id="features">Features<a class="hash-link" href="#features" title="Direct link to heading">​</a></h3><p>Features (also called <strong>breadcrumbs</strong>) can be used to tag a flow and help filtering issues. A feature describes a property of a flow. A feature can be any arbitrary string.</p><p>For instance, the feature <code>via-numerical-operator</code> is used to describe that the data flows through a numerical operator such as an addition.</p><p>Features are very useful to filter flows in the SAPP UI. E.g. flows with a cast from string to integer are can sometimes be less important during triaging since controlling an integer is more difficult to exploit than controlling a full string.</p><p>Note that features <strong>do not stop</strong> the flow, they just help triaging.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="attach-to-sources">Attach to Sources<a class="hash-link" href="#attach-to-sources" title="Direct link to heading">​</a></h4><p><em>Attach to sources</em> is used to add a set of <a href="#features">features</a> on any sources flowing out of a method through a given parameter or return value.</p><p>For instance, if we want to add the feature <code>via-signed</code> to all sources flowing out of the given method:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public String getSignedCookie();</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>We could use the following JSON model generator:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;getSignedCookie&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;attach_to_sources&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;features&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;via-signed&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note that this is only useful for sources inferred by the analysis. If you know that <code>getSignedCookie</code> returns a source of a given kind, you should use a source instead.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="attach-to-sinks">Attach to Sinks<a class="hash-link" href="#attach-to-sinks" title="Direct link to heading">​</a></h4><p><em>Attach to sinks</em> is used to add a set of <a href="#features">features</a> on all sinks on the given parameter of a method.</p><p>For instance, if we want to add the feature <code>via-user</code> on all sinks of the given method:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">class User {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  public static User findUser(String username) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    // The code here might use SQL, Thrift, or anything. We don&#x27;t need to know.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>We could use the following JSON model generator:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/User&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;findUser&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;attach_to_sinks&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;features&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;via-user&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note that this is only useful for sinks inferred by the analysis. If you know that <code>findUser</code> is a sink of a given kind, you should use a sink instead.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="attach-to-propagations">Attach to Propagations<a class="hash-link" href="#attach-to-propagations" title="Direct link to heading">​</a></h4><p><em>Attach to propagations</em> is used to add a set of <a href="#features">features</a> on all propagations from or to a given parameter or return value of a method.</p><p>For instance, if we want to add the feature <code>via-concat</code> to the propagations of the given method:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public static String concat(String x, String y);</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>We could use the following JSON model generator:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;concat&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;attach_to_propagations&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;features&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;via-concat&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token plain"> </span><span class="token comment" style="color:rgb(105, 112, 152);font-style:italic">// We could also use Argument(0) and Argument(1)</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note that this is only useful for propagations inferred by the analysis. If you know that <code>concat</code> has a propagation, you should model it as a propagation directly.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="add-features-to-arguments">Add Features to Arguments<a class="hash-link" href="#add-features-to-arguments" title="Direct link to heading">​</a></h4><p><em>Add features to arguments</em> is used to add a set of <a href="#features">features</a> on all sources that <strong>might</strong> flow on a given parameter of a method.</p><p><em>Add features to arguments</em> implies <em>Attach to sources</em>, <em>Attach to sinks</em> and <em>Attach to propagations</em>, but it also accounts for possible side effects at call sites.</p><p>For instance:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public static void log(String message) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  System.out.println(message);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">public void buyView() {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  String username = getParameter(&quot;username&quot;);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  String product = getParameter(&quot;product&quot;);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  log(username);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  buy(username, product);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Technically, the <code>log</code> method doesn&#x27;t have any source, sink or propagation. We can use <em>add features to arguments</em> to add a feature <code>was-logged</code> on the flow from <code>getParameter(&quot;username&quot;)</code> to <code>buy(username, product)</code>. We could use the following JSON model generator for the <code>log</code> method:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;log&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;add_features_to_arguments&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;features&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;was-logged&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h4 class="anchor anchorWithStickyNavbar_LWe7" id="via-type-features">Via-type Features<a class="hash-link" href="#via-type-features" title="Direct link to heading">​</a></h4><p><em>Via-type</em> features are used to keep track of the type of a callable’s port seen at its callsites during taint flow analysis. They are specified in model generators within the “sources” or “sinks” field of a model with the “via_type_of” field. It is mapped to a nonempty list of ports of the method for which we want to create via-type features.</p><p>For example, if we were interested in the specific Activity subclasses with which the method below was called:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">public void startActivityForResult(Intent intent, int requestCode);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">// At some callsite:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">ActivitySubclass activitySubclassInstance;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">activitySubclassInstance.startActivityForResult(intent, requestCode);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>we could use the following JSON to specifiy a via-type feature that would materialize as <code>via-type:ActivitySubclass</code>:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;startActivityForResult&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sinks&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(1)&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;SinkKind&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;via_type_of&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h4 class="anchor anchorWithStickyNavbar_LWe7" id="via-value-features">Via-value Features<a class="hash-link" href="#via-value-features" title="Direct link to heading">​</a></h4><p><em>Via-value</em> feature captures the value of the specified callable&#x27;s port seen at its callsites during taint flow analysis. They are specified similar to <code>Via-type</code> features -- in model generators within the &quot;sources&quot; or &quot;sinks&quot; field of a model with the &quot;via_value_of&quot; field. It is mapped to a nonempty list of ports of the method for which we want to create via-value features.</p><p>For example, if we were interested in the specific <code>mode</code> with which the method below was called:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public void log(String mode, String message);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">class Constants {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  public static final String MODE = &quot;M1&quot;;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">// At some callsite:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">log(Constants.MODE, &quot;error message&quot;);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>we could use the following JSON to specifiy a via-value feature that would materialize as <code>via-value:M1</code>:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/Class&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;log&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sinks&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(1)&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;SinkKind&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;via_value_of&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note that this only works for numeric and string literals. In cases where the argument is not a constant, the feature will appear as <code>via-value:unknown</code>.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="taint-broadening">Taint Broadening<a class="hash-link" href="#taint-broadening" title="Direct link to heading">​</a></h3><p><strong>Taint broadening</strong> (also called <strong>collapsing</strong>) happens when Mariana Trench needs to make an approximation about a taint flow. It is the operation of reducing a <strong>taint tree</strong> into a single element. A <strong>taint tree</strong> is a tree where edges are field names and nodes are taint element. This is how Mariana Trench represents internally which fields (or sequence of fields) are tainted.</p><p>For instance, analyzing the following code:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">MyClass var = new MyClass();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">var.a = sourceX();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">var.b.c = sourceY();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">var.b.d = sourceZ();</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>The taint tree of variable <code>var</code> would be:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">      .</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  a /   \ b</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> { X }    .</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">       c / \ d</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">     { Y }  { Z }</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>After collapsing, the tree is reduced to a single node <code>{ X, Y, Z }</code>, which is less precise.</p><p>In conclusion, taint broadening effectively leads to considering the whole object as tainted while only some specific fields were initially tainted. This might happen for the correctness of the analysis or for performance reasons.</p><p>In the following sections, we will discuss when collapsing can happen. In most cases, a feature is automatically added on collapsed taint to help detect false positives.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="propagation-broadening">Propagation Broadening<a class="hash-link" href="#propagation-broadening" title="Direct link to heading">​</a></h4><p>Taint collapsing is applied when taint is propagated through a method.</p><p>For instance:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">MyClass input = new MyClass();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">input.a = SourceX();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">MyClass output = SomeClass.UnknownMethod(input);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">Sink(output.b); // Considered an issue since `output` is considered tainted. This could be a False Negative without collapsing.</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>In that case, the <a href="#feature">feature</a> <code>via-propagation-broadening</code> will be automatically added on the taint. This can help identify false positives.</p><p>If you know that this method <strong>preserves the structure</strong> of the parameter, you could specify a model and disable collapsing using the <code>collapse</code> attribute within a <a href="#propagation"><code>propagation</code></a>:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;signature_match&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;parent&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Lcom/example/SomeClass&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;UnknownMethod&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;propagation&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;input&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;output&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;collapse&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token boolean" style="color:rgb(255, 88, 116)">false</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note that Mariana Trench can usually infer when a method propagates taint without collapsing it when it has access to the code of that method and subsequent calls. For instance:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public String identity(String x) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  // Automatically infers a propagation `Arg(0) -&gt; Return` with `collapse=false`</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  return x;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h5 class="anchor anchorWithStickyNavbar_LWe7" id="issue-broadening-feature">Issue Broadening Feature<a class="hash-link" href="#issue-broadening-feature" title="Direct link to heading">​</a></h5><p>The <code>via-issue-broadening</code> feature is added to issues where the taint flowing into the sink was not held directly on the object passed in but on one of its fields. For example:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">Class input = new Class();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">input.field = source();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">sink(input); // `input` is not tainted, but `input.field` is tainted and creates an issue</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h5 class="anchor anchorWithStickyNavbar_LWe7" id="widen-broadening-feature">Widen Broadening Feature<a class="hash-link" href="#widen-broadening-feature" title="Direct link to heading">​</a></h5><p>For performance reasons, if a given taint tree becomes very large (either in depth or in number of nodes at a given level), Mariana Trench collapses the tree to a smaller size. In these cases, the <code>via-widen-broadening</code> feature is added to the collapsed taint</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">Class input = new Class();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">if (\* condition *\) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  input.field1 = source();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  input.field2 = source();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  ...</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">} else {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  input.fieldA = source();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  input.fieldB = source();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  ...</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">sink(input); // Too many fields are sources so the whole input object becomes tainted</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h3 class="anchor anchorWithStickyNavbar_LWe7" id="sanitizers">Sanitizers<a class="hash-link" href="#sanitizers" title="Direct link to heading">​</a></h3><p>Specifying sanitizers on a model allow us to stop taint flowing through that method. In Mariana Trench, they can be one of three types -</p><ul><li><code>sources</code>: prevent any taint sources from flowing out of the method</li><li><code>sinks</code>: prevent taint from reaching any sinks within the method</li><li><code>propagations</code>: prevent propagations from being inferred between any two ports of the method.</li></ul><p>These can be specified in model generators as follows -</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> ...</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sanitizers&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;sanitize&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;sources&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;sanitize&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;sinks&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;sanitize&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;propagations&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    ...</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Note, if there are any user-specificed sources, sinks or propagations on the model, sanitizers will not affect them, but it will prevent them from being propagated outward to callsites.</p><h4 class="anchor anchorWithStickyNavbar_LWe7" id="kind-specific-sanitizers">Kind-specific Sanitizers<a class="hash-link" href="#kind-specific-sanitizers" title="Direct link to heading">​</a></h4><p><code>sources</code> and <code>sinks</code> sanitizers may include a list of kinds (each with or without a partial_label) to restrict the sanitizer to only sanitizing taint of those kinds. (When unspecified, as in the example above, all taint is sanitized regardless of kind).</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token property">&quot;sanitizers&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sanitize&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;sinks&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;kinds&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;SinkKindA&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;SinkKindB&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;partial_label&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;A&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h4 class="anchor anchorWithStickyNavbar_LWe7" id="port-specific-sanitizers">Port-specific Sanitizers<a class="hash-link" href="#port-specific-sanitizers" title="Direct link to heading">​</a></h4><p>Sanitizers can also specify a specific port (<a href="/docs/models/#access-path-format">access path</a> root) they sanitize (ignoring all the rest). This field <code>port</code> has a slightly different meaning for each kind of sanitizer -</p><ul><li><code>sources</code>: represents the output port through which sources may not leave the method</li><li><code>sinks</code>: represents the input port through which taint may not trigger any sinks within the model</li><li><code>propagations</code>: represents the input port through which a propagation to any other port may not be inferred</li></ul><p>For example if the following method</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public void someMethod(Object argument1, Object argument2) {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  toSink(argument1);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  toSink(argument2);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>had the following sanitizer in its model,</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token property">&quot;sanitizers&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sanitize&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;sinks&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(1)&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Then a source flowing into <code>argument1</code> would be able to cause an issue, but not a source flowing into <code>argument2</code>.</p><p>Kind and port specifications may be included in the same sanitizer.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="modes">Modes<a class="hash-link" href="#modes" title="Direct link to heading">​</a></h3><p>Modes are used to describe specific behaviors of methods. Available modes are:</p><ul><li><code>skip-analysis</code>: skip the analysis of the method;</li><li><code>add-via-obscure-feature</code>: add a feature/breadcrumb called <code>via-obscure:&lt;method&gt;</code> to sources flowing through this method;</li><li><code>taint-in-taint-out</code>: propagate the taint on arguments to the return value;</li><li><code>taint-in-taint-this</code>: propagate the taint on arguments into the <code>this</code> parameter;</li><li><code>no-join-virtual-overrides</code>: do not consider all possible overrides when handling a virtual call to this method;</li><li><code>no-collapse-on-propagation</code>: do not collapse input paths when applying propagations;</li><li><code>alias-memory-location-on-invoke</code>: aliases existing memory location at the callsite instead of creating a new one;</li><li><code>strong-write-on-propagation</code>: performs a strong write from input path to the output path on propagation;</li></ul><h3 class="anchor anchorWithStickyNavbar_LWe7" id="default-model">Default model<a class="hash-link" href="#default-model" title="Direct link to heading">​</a></h3><p>A default model is created for each method, except if it is provided by a model generator. The default model has a set of heuristics:</p><p>If the method has no source code, the model is automatically marked with the modes <code>skip-analysis</code> and <code>add-via-obscure-feature</code>.</p><p>If the method has more than 40 overrides, it is marked with the mode <code>no-join-virtual-overrides</code>.</p><p>Otherwise, the default model is empty (no sources/sinks/propagations).</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="field-models">Field Models<a class="hash-link" href="#field-models" title="Direct link to heading">​</a></h3><p>These models represent user-defined taint on class fields (as opposed to methods, as described in all the previous sections on this page). They are specified in a similar way to method models as described below.</p><blockquote><p><strong>NOTE:</strong> Field sources should not be applied to fields that are both final and of a primitive type (<code>int</code>, <code>char</code>, <code>float</code>, etc as well as <code>java.lang.String</code>) as the Java compiler optimizes accesses of these fields in the bytecode into accesses of the constant value they hold. In this scenario, Mariana Trench has no way of recognizing that the constant was meant to carry a source.</p></blockquote><p>Example field model generator for sources:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;fields&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;SOURCE_EXAMPLE&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sources&quot;</span><span class="token plain"> </span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;FieldSource&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Example code:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public class TestClass {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  // Field that we know to be tainted</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  public Object SOURCE_EXAMPLE = ...;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  void flow() {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    sink(EXAMPLE, ...);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Example field model generator for sinks:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;fields&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;SINK_EXAMPLE&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token property">&quot;sinks&quot;</span><span class="token plain"> </span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;FieldSink&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Example code:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">public class TestClass {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  public Object SINK_EXAMPLE = ...;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  void flow() {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    SINK_EXAMPLE = source();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Field signature formats follow the Dalvik bytecode format similar to methods as discussed <a href="#method-name-format">above</a>. This is of the form <code>&lt;className&gt;.&lt;fieldName&gt;:&lt;fieldType&gt;</code>.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="literal-models">Literal Models<a class="hash-link" href="#literal-models" title="Direct link to heading">​</a></h3><p>Literal models represent user-defined taints on string literals matching configurable regular expressions. They can only be configured as sources and are intended to identify suspicious patterns, such as user-controlled data being concatenated with a string literal which looks like an SQL query.</p><blockquote><p><strong>NOTE:</strong> Each use of a literal in the analysed code which matches a pattern in a literal model will generate a new taint which needs to be explored by Mariana Trench. Using overly broad patterns like <code>.*</code> should thus be avoided, as they can lead to poor performance and high memory usage.</p></blockquote><p>Example literal models:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">[</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;pattern&quot;: &quot;SELECT \\*.*&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;description&quot;: &quot;Potential SQL Query&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;sources&quot;: [</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        &quot;kind&quot;: &quot;SqlQuery&quot;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    ]</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  },</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;pattern&quot;: &quot;AI[0-9A-Z]{16}&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;description&quot;: &quot;Suspected Google API Key&quot;,</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    &quot;sources&quot;: [</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        &quot;kind&quot;: &quot;GoogleAPIKey&quot;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    ]</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  }</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">]</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Example code:</p><div class="language-java codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-java codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">void testRegexSource() {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  String prefix = &quot;SELECT * FROM USERS WHERE id = &quot;;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  String aci = getAttackerControlledInput();</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  String query = prefix + aci; // Sink</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">void testRegexSourceGoogleApiKey() {</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  String secret = &quot;AIABCD1234EFGH5678&quot;;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  sink(secret);</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h2 class="anchor anchorWithStickyNavbar_LWe7" id="model-generators">Model Generators<a class="hash-link" href="#model-generators" title="Direct link to heading">​</a></h2><p>Mariana Trench allows for dynamic model specifications. This allows a user to specify models of methods before running the analysis. This is used to specify sources, sinks, propagation and modes.</p><p>Model generators are specified in a generator configuration file, specified by the <code>--generator-configuration-path</code> parameter. By default, we use <a href="https://github.com/facebook/mariana-trench/blob/main/configuration/default_generator_config.json" target="_blank" rel="noopener noreferrer"><code>default_generator_config.json</code></a>.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="example">Example<a class="hash-link" href="#example" title="Direct link to heading">​</a></h3><p>Examples of model generators are located in the <a href="https://github.com/facebook/mariana-trench/tree/main/configuration/model-generators" target="_blank" rel="noopener noreferrer"><code>configuration/model-generators</code></a> directory.</p><p>Below is an example of a JSON model generator:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model_generators&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"> </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;toString&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;propagation&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;input&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;output&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;parent&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;inner&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;extends&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;inner&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">              </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">              </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;SandcastleCommand&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"> </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Time&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;sources&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Source&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Return&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;parent&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;inner&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;extends&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;inner&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"> </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;IEntWithPurposePolicy&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"> </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;gen.*&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;parameter&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;idx&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token number" style="color:rgb(247, 140, 108)">0</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;inner&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;type&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;extends&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;class&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;IViewerContext&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;return&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token property">&quot;inner&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;extends&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;inner&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token property">&quot;constraint&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;name&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"> </span><span class="token property">&quot;pattern&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Ent&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;modes&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token string" style="color:rgb(195, 232, 141)">&quot;add-via-obscure-feature&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token property">&quot;sinks&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;kind&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Sink&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;port&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Argument(0)&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">            </span><span class="token property">&quot;features&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token string" style="color:rgb(195, 232, 141)">&quot;via-gen&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">          </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h3 class="anchor anchorWithStickyNavbar_LWe7" id="specification">Specification<a class="hash-link" href="#specification" title="Direct link to heading">​</a></h3><p>Each JSON file is a JSON object with a key <code>model_generators</code> associated with a list of &quot;rules&quot;.</p><p>Each &quot;rule&quot; defines a &quot;filter&quot; (which uses &quot;constraints&quot; to specify methods for which a &quot;model&quot; should be generated) and a &quot;model&quot;. A rule has the following key/values:</p><ul><li><p><code>find</code>: The type of thing to find. We support <code>methods</code> and <code>fields</code>;</p></li><li><p><code>where</code>: A list of &quot;constraints&quot;. All constraints <strong>must be satisfied</strong> by a method or field in order to generate a model for it. All the constraints are listed below, grouped by the type of object they are applied to:</p><ul><li><p><strong>Method</strong>:</p><ul><li><code>signature_match</code>: Expects at least one of the two allowed groups of extra properties: <code>[name | names] [parent | parents | extends [include_self]]</code> where:<ul><li><code>name</code> (a single string) or <code>names</code> (a list of alternative strings): is exact matched to the method name</li><li><code>parent</code> (a single string) or <code>parents</code> (a list of alternative strings) is exact matched to the class of the method or <code>extends</code> (either a single string or a list of alternative strings) is exact matched to the base classes or interfaces of the method. <code>extends</code> allows an optional property <code>include_self</code> which is a boolean to indicate if the constraint is applied to the class itself or not (defaults to <code>true</code>).</li></ul></li><li><code>signature | signature_pattern</code>: Expects an extra property <code>pattern</code> which is a regex to fully match the full signature (class, method, argument types) of a method;<ul><li><strong>NOTE:</strong> Usage of this constraint is discouraged as it has poor performance. Try using <code>signature_match</code> instead!</li></ul></li><li><code>parent</code>: Expects an extra property <code>inner</code> <!-- -->[Type]<!-- --> which contains a nested constraint to apply to the class holding the method;</li><li><code>parameter</code>: Expects an extra properties <code>idx</code> and <code>inner</code> <!-- -->[Parameter]<!-- --> or <!-- -->[Type]<!-- -->, matches when the idx-th parameter of the function or method matches the nested constraint inner;</li><li><code>any_parameter</code>: Expects an optional extra property <code>start_idx</code> and <code>inner</code> <!-- -->[Parameter]<!-- --> or <!-- -->[Type]<!-- -->, matches when there is any parameters (starting at start_idx) of the function or method matches the nested constraint inner;</li><li><code>return</code>: Expects an extra property <code>inner</code> <!-- -->[Type]<!-- --> which contains a nested constraint to apply to the return of the method;</li><li><code>is_static | is_constructor | is_native | has_code</code>: Accepts an extra property <code>value</code> which is either <code>true</code> or <code>false</code>. By default, <code>value</code> is considered <code>true</code>;</li><li><code>number_parameters</code>: Expects an extra property <code>inner</code> <!-- -->[Integer]<!-- --> which contains a nested constraint to apply to the number of parameters (counting the implicit <code>this</code> parameter);</li><li><code>number_overrides</code>: Expects an extra property <code>inner</code> <!-- -->[Integer]<!-- --> which contains a nested constraint to apply on the number of method overrides.</li></ul></li><li><p><strong>Parameter:</strong></p><ul><li><code>parameter_has_annotation</code>: Expects an extra property <code>type</code> and an optional property <code>pattern</code>, respectively a string and a regex fully matching the value of the parameter annotation.</li></ul></li><li><p><strong>Type:</strong></p><ul><li><code>extends</code>: Expects an extra property <code>inner</code> <!-- -->[Type]<!-- --> which contains a nested constraint that must apply to one of the base classes or itself. The optional property <code>include_self</code> is a boolean that tells whether the constraint must be applied on the type itself or not (defaults to <code>true</code>);</li><li><code>super</code>: Expects an extra property <code>inner</code> <!-- -->[Type]<!-- --> which contains a nested constraint that must apply on the direct superclass;</li><li><code>is_class | is_interface</code>: Accepts an extra property <code>value</code> which is either <code>true</code> or <code>false</code>. By default, <code>value</code> is considered <code>true</code>;</li></ul></li><li><p><strong>Field</strong>:</p><ul><li><code>signature</code>: Expects an extra property <code>pattern</code> which is a regex to fully match the full signature of the field. This is of the form <code>&lt;className&gt;.&lt;fieldName&gt;:&lt;fieldType&gt;</code>;</li><li><code>parent</code>: Expects an extra property <code>inner</code> <!-- -->[Type]<!-- --> which contains a nested constraint to apply to the class holding the field;</li><li><code>is_static</code>: Accepts an extra property <code>value</code> which is either <code>true</code> or <code>false</code>. By default, <code>value</code> is considered <code>true</code>;</li></ul></li><li><p><strong>Method, Type or Field:</strong></p><ul><li><code>name</code>: Expects an extra property <code>pattern</code> which is a regex to fully match the name of the item;</li><li><code>has_annotation</code>: Expects an extra property <code>type</code> and an optional property <code>pattern</code>, respectively a string and a regex fully matching the value of the annotation.</li><li><code>visibility</code>: Expects an extra property <code>is</code> which is either <code>public</code>, <code>private</code> or <code>protected</code>; (Note this does not apply to <code>Field</code>)</li></ul></li><li><p><strong>Integer:</strong></p><ul><li><code>&lt; | &lt;= | == | &gt; | &gt;= | !=</code>: Expects an extra property <code>value</code> which contains an integer that the input integer is compared with. The input is the left hand side.</li></ul></li><li><p><strong>Any (Method, Parameter, Type, Field or Integer):</strong></p><ul><li><code>all_of</code>: Expects an extra property <code>inners</code> <!-- -->[Any]<!-- --> which is an array holding nested constraints which must all apply;</li><li><code>any_of</code>: Expects an extra property <code>inners</code> <!-- -->[Any]<!-- --> which is an array holding nested constraints where one of them must apply;</li><li><code>not</code>: Expects an extra property <code>inner</code> <!-- -->[Any]<!-- --> which contains a nested constraint that should not apply. (Note this is not yet implemented for <code>Field</code>s)</li></ul></li></ul></li><li><p><code>model</code>: A model, describing sources/sinks/propagations/etc.</p><ul><li><p><strong>For method models</strong></p><ul><li><code>sources</code>*<!-- -->: A list of sources, i.e a source flowing out of the method via return value or flowing in via an argument. A source has the following key/values:<ul><li><code>kind</code>: The source name;</li><li><code>port</code>*<!-- -->*<!-- -->: The source access path (e.g, <code>&quot;Return&quot;</code> or <code>&quot;Argument(1)&quot;</code>);</li><li><code>features</code>*<!-- -->: A list of features/breadcrumbs names;</li><li><code>via_type_of</code>*<!-- -->: A list of ports;</li></ul></li><li><code>sinks</code>*<!-- -->: A list of sinks, i.e describing that a parameter of the method flows into a sink. A sink has the following key/values:<ul><li><code>kind</code>: The sink name;</li><li><code>port</code>: The sink access path (e.g, <code>&quot;Return&quot;</code> or <code>&quot;Argument(1)&quot;</code>);</li><li><code>features</code>*<!-- -->: A list of features/breadcrumbs names;</li><li><code>via_type_of</code>*<!-- -->: A list of ports;</li></ul></li><li><code>propagation</code>*<!-- -->: A list of propagations (also called passthrough) that describe whether a taint on a parameter should result in a taint on the return value or another parameter. A propagation has the following key/values:<ul><li><code>input</code>: The input access path (e.g, <code>&quot;Argument(1)&quot;</code>);</li><li><code>output</code>: The output access path (e.g, <code>&quot;Return&quot;</code> or <code>&quot;Argument(2)&quot;</code>);</li><li><code>features</code>*<!-- -->: A list of features/breadcrumbs names;</li></ul></li><li><code>attach_to_sources</code>*<!-- -->: A list of attach-to-sources that describe that all sources flowing out of the method on the given parameter or return value must have the given features. An attach-to-source has the following key/values:<ul><li><code>port</code>: The access path root (e.g, <code>&quot;Return&quot;</code> or <code>&quot;Argument(1)&quot;</code>);</li><li><code>features</code>: A list of features/breadcrumb names;</li></ul></li><li><code>attach_to_sinks</code>*<!-- -->: A list of attach-to-sinks that describe that all sources flowing in the method on the given parameter must have the given features. An attach-to-sink has the following key/values:<ul><li><code>port</code>: The access path root (e.g, <code>&quot;Argument(1)&quot;</code>);</li><li><code>features</code>: A list of features/breadcrumb names;</li></ul></li><li><code>attach_to_propagations</code>*<!-- -->: A list of attach-to-propagations that describe that inferred propagations of sources flowing in or out of a given parameter or return value must have the given features. An attach-to-propagation has the following key/values:<ul><li><code>port</code>: The access path root (e.g, <code>&quot;Return&quot;</code> or <code>&quot;Argument(1)&quot;</code>);</li><li><code>features</code>: A list of features/breadcrumb names;</li></ul></li><li><code>add_features_to_parameters</code>*<!-- -->: A list of add-features-to-parameters that describe that flows that might flow on the given parameter must have the given features. An add-features-to-parameter has the following key/values:<ul><li><code>port</code>: The access path root (e.g, <code>&quot;Argument(1)&quot;</code>);</li><li><code>features</code>: A list of features/breadcrumb names;</li></ul></li><li><code>modes</code>*<!-- -->: A list of mode names that describe specific behaviors of a method;</li><li><code>for_all_parameters</code>: Generate sources/sinks/propagations/attach<em>to</em>*<!-- --> for all parameters of a method that satisfy some constraints. It accepts the following key/values:<ul><li><code>variable</code>: A symbolic name for the parameter;</li><li><code>where</code>: An optional list of <!-- -->[Parameter]<!-- --> or <!-- -->[Type]<!-- --> constraints on the parameter;</li><li><code>sources | sinks | propagation</code>: Same as under &quot;model&quot;, but we accept the variable name as a parameter number.</li></ul></li></ul></li><li><p><code>verbosity</code>*<!-- -->: A logging level, to help debugging. 1 is the most verbose, 5 is the least. The default verbosity level is 5.</p></li><li><p><strong>For Field models</strong></p><ul><li><code>sources</code>*<!-- -->: A list of sources the field should hold. A source has the following key/values:<ul><li><code>kind</code>: The source name;</li><li><code>features</code>*<!-- -->: A list of features/breadcrumbs names;</li></ul></li><li><code>sinks</code>*<!-- -->: A list of sinks the field should hold. A sink has the following key/values:<ul><li><code>kind</code>: The sink name;</li><li><code>features</code>*<!-- -->: A list of features/breadcrumds names;</li></ul></li></ul></li></ul></li></ul><p>In the above bullets,</p><ul><li><code>*</code> denotes optional key/value.</li><li><code>**</code> denotes optional key/value. Default is <code>&quot;Return&quot;</code>.</li></ul><p>Note, the implicit <code>this</code> parameter for methods has the parameter number 0.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="development">Development<a class="hash-link" href="#development" title="Direct link to heading">​</a></h3><h4 class="anchor anchorWithStickyNavbar_LWe7" id="when-sources-or-sinks-dont-appear-in-results">When Sources or Sinks don&#x27;t appear in Results<a class="hash-link" href="#when-sources-or-sinks-dont-appear-in-results" title="Direct link to heading">​</a></h4><ol><li><p>This could be because your model generator did not find any method matching your query. You can use the <code>&quot;verbosity&quot;: 1</code> option in your model generator to check if it matched any method. For instance:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;model_generators&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;find&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;methods&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;where&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token comment" style="color:rgb(105, 112, 152);font-style:italic">/* ... */</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;model&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">        </span><span class="token comment" style="color:rgb(105, 112, 152);font-style:italic">/* ... */</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">      </span><span class="token property">&quot;verbosity&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token number" style="color:rgb(247, 140, 108)">1</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>When running mariana trench, this should print:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">INFO Method `...` satisfies all constraints in json model generator ...</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div></li><li><p>Make sure that your model generator is actually running. You can use the <code>--verbosity 2</code> option to check that. Make sure your model generator is specified in <code>configuration/default_generator_config.json</code>.</p></li><li><p>You can also check the output models. Use <code>grep SourceKind models@*</code> to see if your source or sink kind exists. Use <code>grep &#x27;Lcom/example/&lt;class-name&gt;;.&lt;method-name&gt;:&#x27; models@*</code> to see if a given method exists in the app.</p></li></ol><div></div></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/facebook/mariana-trench/tree/main/documentation/website/documentation/models.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/rules/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Rules</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/shims/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Shims</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#models" class="table-of-contents__link toc-highlight">Models</a><ul><li><a href="#method-name-format" class="table-of-contents__link toc-highlight">Method name format</a></li><li><a href="#access-path-format" class="table-of-contents__link toc-highlight">Access path format</a></li><li><a href="#kinds" class="table-of-contents__link toc-highlight">Kinds</a></li><li><a href="#sources" class="table-of-contents__link toc-highlight">Sources</a></li><li><a href="#sinks" class="table-of-contents__link toc-highlight">Sinks</a></li><li><a href="#return-sinks" class="table-of-contents__link toc-highlight">Return Sinks</a></li><li><a href="#propagation" class="table-of-contents__link toc-highlight">Propagation</a></li><li><a href="#features" class="table-of-contents__link toc-highlight">Features</a></li><li><a href="#taint-broadening" class="table-of-contents__link toc-highlight">Taint Broadening</a></li><li><a href="#sanitizers" class="table-of-contents__link toc-highlight">Sanitizers</a></li><li><a href="#modes" class="table-of-contents__link toc-highlight">Modes</a></li><li><a href="#default-model" class="table-of-contents__link toc-highlight">Default model</a></li><li><a href="#field-models" class="table-of-contents__link toc-highlight">Field Models</a></li><li><a href="#literal-models" class="table-of-contents__link toc-highlight">Literal Models</a></li></ul></li><li><a href="#model-generators" class="table-of-contents__link toc-highlight">Model Generators</a><ul><li><a href="#example" class="table-of-contents__link toc-highlight">Example</a></li><li><a href="#specification" class="table-of-contents__link toc-highlight">Specification</a></li><li><a href="#development" class="table-of-contents__link toc-highlight">Development</a></li></ul></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/docs/overview/index.html b/docs/overview/index.html
index 72a977cf..3be53c2e 100644
--- a/docs/overview/index.html
+++ b/docs/overview/index.html
@@ -5,14 +5,14 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Overview | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/docs/overview/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Overview | Mariana Trench"><meta data-rh="true" name="description" content="What is Mariana Trench"><meta data-rh="true" property="og:description" content="What is Mariana Trench"><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/docs/overview/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/overview/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/overview/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebar_njMd"><nav class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/docs/overview/">User Guide</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/overview/">Overview</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/getting-started/">Getting Started</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/">Configuration</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/customize-sources-and-sinks/">Customize Sources and Sinks</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/rules/">Rules</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/models/">Models &amp; Model Generators</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/shims/">Shims</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/feature-descriptions/">Feature Glossary</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/known-false-negatives/">Known False Negatives</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/contribution/">Developer Guide</a></div></li></ul></nav></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_OVgt"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">User Guide</span><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Overview</span><meta itemprop="position" content="2"></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Overview</h1></header><h2 class="anchor anchorWithStickyNavbar_LWe7" id="what-is-mariana-trench">What is Mariana Trench<a class="hash-link" href="#what-is-mariana-trench" title="Direct link to heading">​</a></h2><p><strong>Mariana Trench</strong> is a security focused static analysis platform targeting Android. The tool provides an extensible global taint analysis similar to pre-existing tools like <a href="https://pyre-check.org/docs/pysa-basics" target="_blank" rel="noopener noreferrer">Pysa</a> for Python. The tool leverages existing static analysis infrastructure (e.g, <a href="https://github.com/facebookincubator/SPARTA" target="_blank" rel="noopener noreferrer">SPARTA</a>) built on top of <a href="https://github.com/facebook/redex" target="_blank" rel="noopener noreferrer">Redex</a>.</p><p>By default Mariana Trench analyzes <a href="https://source.android.com/devices/tech/dalvik/dalvik-bytecode" target="_blank" rel="noopener noreferrer">dalvik bytecode</a> and can work with or without access to the source code.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="background">Background<a class="hash-link" href="#background" title="Direct link to heading">​</a></h2><h3 class="anchor anchorWithStickyNavbar_LWe7" id="sources-and-sinks">Sources and Sinks<a class="hash-link" href="#sources-and-sinks" title="Direct link to heading">​</a></h3><p>Under the context of taint analysis <!-- -->[1]<!-- -->, &quot;sources&quot; usually mean sensitive data that originates from users. For example, sources can be users&#x27; passwords or locations. &quot;Sinks&quot; usually mean functions or methods that use data that &quot;flows&quot; from sources, where the term &quot;flow&quot; is generally defined under the context of &quot;information flow&quot; <!-- -->[2]<!-- -->.</p><blockquote><p>An operation, or series of operations, that uses the value of some object, say x, to derive a value for another, say y, causes a flow from x to y</p></blockquote><p>As an example, sinks can be a logging API that writes data into a log file.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="what-does-mariana-trench-do">What does Mariana Trench do?<a class="hash-link" href="#what-does-mariana-trench-do" title="Direct link to heading">​</a></h3><p>A flow from sources to sinks indicate that for example user passwords may get logged into a file, which is not desirable and is called as an <strong>&quot;issue&quot;</strong> under the context of Mariana Trench. Mariana Trench is designed to automatically discover such issues.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="usage">Usage<a class="hash-link" href="#usage" title="Direct link to heading">​</a></h2><p>The usage of Mariana Trench can be summarized in three steps:</p><ol><li>Specify customized &quot;sources&quot; and &quot;sinks&quot;. (See <a href="/docs/customize-sources-and-sinks/">Customize Sources and Sinks</a>)</li><li>Run Mariana Trench on an arbitrary Java repository (with the sources and sinks specified in Step 1), whether it be a repository for an Android application project or for a vanilla (or plain old) Java project.</li><li>View the analysis results from a web browser. (For steps 2 and 3 see <a href="/docs/getting-started/">Getting Started</a>)</li></ol><h2 class="anchor anchorWithStickyNavbar_LWe7" id="references">References<a class="hash-link" href="#references" title="Direct link to heading">​</a></h2><ol><li><a href="https://dl.acm.org/doi/10.1145/1542476.1542486" target="_blank" rel="noopener noreferrer">Tripp, Omer, et al. &quot;TAJ: effective taint analysis of web applications.&quot; ACM Sigplan Notices 44.6 (2009): 87-97.</a></li><li><a href="https://dl.acm.org/doi/10.1145/359636.359712" target="_blank" rel="noopener noreferrer">Denning, Dorothy E., and Peter J. Denning. &quot;Certification of programs for secure information flow.&quot; Communications of the ACM 20.7 (1977): 504-513.</a></li></ol></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/facebook/mariana-trench/tree/main/documentation/website/documentation/overview.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages navigation"><a class="pagination-nav__link pagination-nav__link--next" href="/docs/getting-started/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Getting Started</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#what-is-mariana-trench" class="table-of-contents__link toc-highlight">What is Mariana Trench</a></li><li><a href="#background" class="table-of-contents__link toc-highlight">Background</a><ul><li><a href="#sources-and-sinks" class="table-of-contents__link toc-highlight">Sources and Sinks</a></li><li><a href="#what-does-mariana-trench-do" class="table-of-contents__link toc-highlight">What does Mariana Trench do?</a></li></ul></li><li><a href="#usage" class="table-of-contents__link toc-highlight">Usage</a></li><li><a href="#references" class="table-of-contents__link toc-highlight">References</a></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/docs/rules/index.html b/docs/rules/index.html
index 2a27f56e..3a125119 100644
--- a/docs/rules/index.html
+++ b/docs/rules/index.html
@@ -5,7 +5,7 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Rules | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/docs/rules/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Rules | Mariana Trench"><meta data-rh="true" name="description" content="A rule describes flows that we want to catch (e.g, user input flowing into command execution)."><meta data-rh="true" property="og:description" content="A rule describes flows that we want to catch (e.g, user input flowing into command execution)."><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/docs/rules/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/rules/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/rules/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -13,7 +13,7 @@
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebar_njMd"><nav class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/docs/overview/">User Guide</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/overview/">Overview</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/getting-started/">Getting Started</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/">Configuration</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/customize-sources-and-sinks/">Customize Sources and Sinks</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/rules/">Rules</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/models/">Models &amp; Model Generators</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/shims/">Shims</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/feature-descriptions/">Feature Glossary</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/known-false-negatives/">Known False Negatives</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/contribution/">Developer Guide</a></div></li></ul></nav></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_OVgt"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">User Guide</span><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Rules</span><meta itemprop="position" content="2"></li></ul></nav><div class="theme-doc-markdown markdown"><header><h1>Rules</h1></header><p>A rule describes flows that we want to catch (e.g, user input flowing into command execution).
 A rule is made of a set of source <a href="/docs/models/#kinds">kinds</a>, a set of sink kinds, a name, a code, and a description.</p><p>Here is an example of a rule in JSON:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token punctuation" style="color:rgb(199, 146, 234)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;name&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;User input flows into code execution (RCE)&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;code&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token number" style="color:rgb(247, 140, 108)">1</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;description&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;Values from user-controlled source may eventually flow into code execution&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;sources&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;UserCamera&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;UserInput&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token property">&quot;sinks&quot;</span><span class="token operator" style="color:rgb(137, 221, 255)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(199, 146, 234)">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;CodeAsyncJob&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">    </span><span class="token string" style="color:rgb(195, 232, 141)">&quot;CodeExecution&quot;</span><span class="token punctuation" style="color:rgb(199, 146, 234)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">  </span><span class="token punctuation" style="color:rgb(199, 146, 234)">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"></span><span class="token punctuation" style="color:rgb(199, 146, 234)">}</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg class="copyButtonIcon_y97N" viewBox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg class="copyButtonSuccessIcon_LjdS" viewBox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>For guidance on modeling sources and sinks, see the next section, <a href="/docs/models/">Models and Model Generators</a>.</p><p>Rules used by Mariana Trench can be specified with the <code>--rules-paths</code> argument. The default set of rules that run can be found in <a href="https://github.com/facebook/mariana-trench/blob/main/configuration/rules.json" target="_blank" rel="noopener noreferrer">configuration/rules.json</a>.</p><div></div></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/facebook/mariana-trench/tree/main/documentation/website/documentation/rules.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/customize-sources-and-sinks/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Customize Sources and Sinks</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/models/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Models &amp; Model Generators</div></a></nav></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/docs/shims/index.html b/docs/shims/index.html
index 30f11424..6c413e6d 100644
--- a/docs/shims/index.html
+++ b/docs/shims/index.html
@@ -5,7 +5,7 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Shims | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/docs/shims/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Shims | Mariana Trench"><meta data-rh="true" name="description" content="What is a &quot;shim&quot;?"><meta data-rh="true" property="og:description" content="What is a &quot;shim&quot;?"><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/docs/shims/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/shims/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/docs/shims/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
@@ -35,7 +35,7 @@
 shim-target, the trace following the call-site of the <em>shimmed-method</em> will be
 the <em>shim-target</em> and a feature <code>via-shim:&lt;shimmed-method&gt;</code> will be introduced
 at that point.</p><p>Sample shim definitions <a href="https://github.com/facebook/mariana-trench/blob/main/source/tests/integration/end-to-end/code/shims/shims.json" target="_blank" rel="noopener noreferrer">here</a>.</p><div></div></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/facebook/mariana-trench/tree/main/documentation/website/documentation/shims.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/models/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Models &amp; Model Generators</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/feature-descriptions/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Feature Glossary</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#what-is-a-shim" class="table-of-contents__link toc-highlight">What is a &quot;shim&quot;?</a></li><li><a href="#terminologies" class="table-of-contents__link toc-highlight">Terminologies</a></li><li><a href="#specifying-shims" class="table-of-contents__link toc-highlight">Specifying Shims</a><ul><li><a href="#configuration-file" class="table-of-contents__link toc-highlight">Configuration file</a></li><li><a href="#shim-definition" class="table-of-contents__link toc-highlight">Shim Definition</a></li><li><a href="#example" class="table-of-contents__link toc-highlight">Example</a></li></ul></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/index.html b/index.html
index 9d6a46a8..44705313 100644
--- a/index.html
+++ b/index.html
@@ -5,14 +5,14 @@
 <meta name="generator" content="Docusaurus v2.1.0">
 <title data-rh="true">Mariana Trench | Mariana Trench</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://mariana-tren.ch/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docusaurus_tag" content="default"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docsearch:docusaurus_tag" content="default"><meta data-rh="true" property="og:title" content="Mariana Trench | Mariana Trench"><meta data-rh="true" name="description" content="Security focused static analysis tool for Android and Java applications."><meta data-rh="true" property="og:description" content="Security focused static analysis tool for Android and Java applications."><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://mariana-tren.ch/"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/" hreflang="en"><link data-rh="true" rel="alternate" href="https://mariana-tren.ch/" hreflang="x-default"><script data-rh="true">function maybeInsertBanner(){window.__DOCUSAURUS_INSERT_BASEURL_BANNER&&insertBanner()}function insertBanner(){var n=document.getElementById("docusaurus-base-url-issue-banner-container");if(n){n.innerHTML='\n<div id="docusaurus-base-url-issue-banner" style="border: thick solid red; background-color: rgb(255, 230, 179); margin: 20px; padding: 20px; font-size: 20px;">\n   <p style="font-weight: bold; font-size: 30px;">Your Docusaurus site did not load properly.</p>\n   <p>A very common reason is a wrong site <a href="https://docusaurus.io/docs/docusaurus.config.js/#baseurl" style="font-weight: bold;">baseUrl configuration</a>.</p>\n   <p>Current configured baseUrl = <span style="font-weight: bold; color: red;">/</span>  (default value)</p>\n   <p>We suggest trying baseUrl = <span id="docusaurus-base-url-issue-banner-suggestion-container" style="font-weight: bold; color: green;"></span></p>\n</div>\n';var e=document.getElementById("docusaurus-base-url-issue-banner-suggestion-container"),s=window.location.pathname,r="/"===s.substr(-1)?s:s+"/";e.innerHTML=r}}window.__DOCUSAURUS_INSERT_BASEURL_BANNER=!0,document.addEventListener("DOMContentLoaded",maybeInsertBanner)</script><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Mariana Trench RSS Feed">
 <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Mariana Trench Atom Feed"><link rel="stylesheet" href="/assets/css/styles.e56ff910.css">
-<link rel="preload" href="/assets/js/runtime~main.4240a0ef.js" as="script">
+<link rel="preload" href="/assets/js/runtime~main.12fefa2a.js" as="script">
 <link rel="preload" href="/assets/js/main.98fb840d.js" as="script">
 </head>
 <body class="navigation-with-keyboard">
 <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script>
 <div style="display: none; text-align: center; background-color: white; color: black;" id="internaldocs-banner"></div><div id="__docusaurus">
 <div id="docusaurus-base-url-issue-banner-container"></div><div role="region" aria-label="theme.common.skipToMainContent"><a href="#" class="skipToContent_fXgn">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><b class="navbar__title text--truncate">Mariana Trench</b></a><a class="navbar__item navbar__link" href="/docs/overview/">Documentation</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper mainWrapper_z2l0"><header class="hero hero--primary heroBanner_UJJx"><div class="container"><img src="img/MarianaTrench-Icon.png" alt="Mariana Trench Logo" width="170"><h1 class="hero__title">Mariana Trench</h1><p class="hero__subtitle">Security-Focused Static Analysis for Android and Java Applications</p><div class="buttons_pzbO"><a class="button button--outline button--secondary button--lg buttons_pzbO" href="/docs/overview/">Get Started</a></div></div></header><main><div class="container padding-vert--s text--left"><div class="row"><div class="col"><section class="features_keug"><div class="container"><div class="row"><div class="col col--4"><h3>Android and Java</h3><p>Find security vulnerabilities in Android and Java applications. Mariana Trench analyzes Dalvik bytecode.</p></div><div class="col col--4"><h3>Fast</h3><p>Mariana Trench is built to run fast on large codebases (10s of millions of lines of code). It can find vulnerabilities as code changes, before it ever lands in your repository.</p></div><div class="col col--4"><h3>Customizable</h3><p>Adapt Mariana Trench to your needs. Find the vulnerabilities that you care about by teaching Mariana Trench where data comes from and where you do not want it to go.</p></div></div></div></section></div></div></div></main></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Learn</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/getting-started/">Getting Started</a></li></ul></div><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/metaOpenSource" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/facebook/mariana-trench" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://opensource.facebook.com/legal/privacy/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://opensource.facebook.com/legal/terms/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Terms<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://opensource.facebook.com" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/oss_logo.png" alt="Facebook Open Source Logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright">Copyright © 2023 Meta Platforms, Inc. Built with Docusaurus.</div></div></div></footer></div>
-<script src="/assets/js/runtime~main.4240a0ef.js"></script>
+<script src="/assets/js/runtime~main.12fefa2a.js"></script>
 <script src="/assets/js/main.98fb840d.js"></script>
 </body>
 </html>
\ No newline at end of file