# Introduction to mariana, an Android Static Analysis Tool

## How It Works

### What Is a Model

```cpp
/**
 * A Model is a summary of what we know about a method. A Model should
 * contain the properties we are interested in, such as *generations*,
 * *propagations* and *sinks*.
 *
 * A *mode* describes a specific behavior of a model. See Model::Mode.
 *
 * A *generation* describes the property that the method either
 * returns a tainted value or mutates (and hence taints) a reference type
 * argument, regardless of whether parameters are tainted.
 *
 * A *parameter source* of a method describes the property that the method
 * receives a tainted value on a given parameter.
 *
 * A *propagation* describes how taint may flow through a method. More
 * specifically, how taint may flow from a parameter to the method's return
 * value or another parameter. A *propagation* will only propagate the taint
 * if the parameter is tainted. See Propagation.
 *
 * A *global sanitizer* sanitizes all sources, sinks or propagations flowing
 * through the method that have a kind dictated by its kinds field.
 *
 * *Attach to sources* automatically adds features to all sources flowing out of
 * the method.
 *
 * *Attach to sinks* automatically adds features to all sources flowing in
 * the method.
 *
 * *Attach to propagations* automatically adds features to all propagations from
 * or to a given argument or return value.
 *
 * *Add features to arguments* automatically adds features to all taint that
 * might flow in or out of a given argument. This is equivalent to *attach to
 * sources/sinks/propagations*, but also adds features even when there is no
 * inferred propagation. E.g.,
 *
 * List<String> x;
 * f(x);
 * // Here x has the feature, regardless of the propagations of f.
 *
 *
 * *inline as* is either top, bottom or an argument access path that will be
 * used to inline the method at call sites.
 */
```
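The following is an added example, not code from the tool or from the original page: a toy straight-line taint tracker in Python that applies per-method summaries the way the comment describes generations, propagations, sinks and *add features to arguments*. The `Model` field names, the method names, the kinds and the `via-f` feature are all assumptions made up for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Model:
    """Toy summary of one method (field names are assumptions, not the tool's schema)."""
    generations: set = field(default_factory=set)     # source kinds on the return value
    propagations: set = field(default_factory=set)    # argument indexes flowing to the return
    sinks: dict = field(default_factory=dict)         # argument index -> sink kind
    arg_features: dict = field(default_factory=dict)  # argument index -> feature, unconditional

def analyze(calls, models):
    """calls: list of (result_var or None, method, [arg_vars]); returns the issues found."""
    taint, features, issues = {}, {}, []
    for result, method, args in calls:
        model = models.get(method, Model())
        # Add features to arguments: applied even with no inferred propagation.
        for index, feature in model.arg_features.items():
            features.setdefault(args[index], set()).add(feature)
        # Sinks: report when a tainted argument reaches a sink parameter.
        for index, sink_kind in model.sinks.items():
            for source_kind in sorted(taint.get(args[index], ())):
                issues.append((source_kind, sink_kind, method,
                               sorted(features.get(args[index], ()))))
        if result is None:
            continue
        # Generation: the return value is tainted regardless of the arguments.
        out_kinds, out_features = set(model.generations), set()
        # Propagation: taint reaches the return value only if the argument is tainted.
        for index in model.propagations:
            if taint.get(args[index]):
                out_kinds |= taint[args[index]]
                out_features |= features.get(args[index], set())
        taint[result], features[result] = out_kinds, out_features
    return issues

# Constructed sample: method names, kinds and the feature are made up for illustration.
MODELS = {
    "getIntentData": Model(generations={"UserInput"}),
    "trim": Model(propagations={0}),
    "f": Model(arg_features={0: "via-f"}),
    "execSQL": Model(sinks={0: "SqlInjection"}),
}
TAINTED_FLOW = [("a", "getIntentData", []), (None, "f", ["a"]),
                ("b", "trim", ["a"]), (None, "execSQL", ["b"])]
CLEAN_FLOW = [("c", "trim", ["constant"]), (None, "execSQL", ["c"])]

if __name__ == "__main__":
    print(analyze(TAINTED_FLOW, MODELS))
    print(analyze(CLEAN_FLOW, MODELS))
```

In the tainted flow, `f` has no propagation of its own, yet the `via-f` feature still appears on the reported issue because it was attached to the argument; in the clean flow, `trim` propagates nothing because its argument was never tainted.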



```json
{
  "method": "Lcom/security/bvaa/MainActivity;.f:()V",
  "position": {
    "line": 44,
    "path": "com/security/bvaa/MainActivity.java"
  }
}
```