Overview
What is Mariana Trench
Mariana Trench is a security focused static analysis platform targeting Android. The tool provides an extensible global taint analysis similar to pre-existing tools like Pysa for Python. The tool leverages existing static analysis infrastructure (e.g, SPARTA) built on top of Redex.
By default Mariana Trench analyzes dalvik bytecode and can work with or without access to the source code.
Background
Sources and Sinks
Under the context of taint analysis [1], "sources" usually mean sensitive data that originates from users. For example, sources can be users' passwords or locations. "Sinks" usually mean functions or methods that use data that "flows" from sources, where the term "flow" is generally defined under the context of "information flow" [2].
An operation, or series of operations, that uses the value of some object, say x, to derive a value for another, say y, causes a flow from x to y
As an example, sinks can be a logging API that writes data into a log file.
What does Mariana Trench do?
A flow from sources to sinks indicate that for example user passwords may get logged into a file, which is not desirable and is called as an "issue" under the context of Mariana Trench. Mariana Trench is designed to automatically discover such issues.
Usage
The usage of Mariana Trench can be summarized in three steps:
- Specify customized "sources" and "sinks". (See Customize Sources and Sinks)
- Run Mariana Trench on an arbitrary Java repository (with the sources and sinks specified in Step 1), whether it be a repository for an Android application project or for a vanilla (or plain old) Java project.
- View the analysis results from a web browser. (For steps 2 and 3 see Getting Started)