Soot is a Java optimization framework. I am using Soot to analyze some micro-service projects. Now, all I know is that Soot accepts .jar, .zip, .dex, .apk and source codes as input. However, some of them will be packaged into .war. Does Soot support .war analysis? And is there any relevant help info?
Asked
Active
Viewed 82 times
1 Answers
2
no direct support but not that hard to hack,
giving Soot load bytecodes by SourceLocator, pre-defined support types are jar, zip, apk, dex, directory, jrt ,see here,
the simplest workaround is by extracting the war file and set inputs (a.k.a set_process_dir) to the unzipped WEB_INFO/classes directory,
but you can extend war format supporting by hacking getClassesUnder and getClassSource
Minami
- 963
- 6
- 21
-
Yes, I just unzip the war file and find the `WEB_INFO/classes` diretory, package it into a jar file. Soot can handle this kind of jar. – Rick.X Nov 03 '21 at 06:41