{"id":13843105,"url":"https://github.com/SummerSec/SPATool","last_synced_at":"2025-07-11T18:30:34.838Z","repository":{"id":43117880,"uuid":"456141071","full_name":"SummerSec/SPATool","owner":"SummerSec","description":"静态程序分析工具 主要生成方法的CFG和.java文件的AST ","archived":false,"fork":false,"pushed_at":"2023-07-12T02:02:18.000Z","size":26402,"stargazers_count":130,"open_issues_count":0,"forks_count":20,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-07-10T00:38:32.364Z","etag":null,"topics":["ast","cfg","programming-language","sa","spa","spatool","static-analysis"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SummerSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2022-02-06T12:13:06.000Z","updated_at":"2025-07-04T02:38:47.000Z","dependencies_parsed_at":"2022-09-07T05:30:22.937Z","dependency_job_id":"d3d9f642-7cb4-4b94-a5fc-39067c9252e6","html_url":"https://github.com/SummerSec/SPATool","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":"SummerSec/template","purl":"pkg:github/SummerSec/SPATool","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FSPATool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FSPATool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FSPATool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FSPATool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SummerSec","download_url":"https://codeload.github.com/SummerSec/SPATool/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FSPATool/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264869904,"owners_count":23676126,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ast","cfg","programming-language","sa","spa","spatool","static-analysis"],"created_at":"2024-08-04T17:01:55.275Z","updated_at":"2025-07-11T18:30:29.826Z","avatar_url":"https://github.com/SummerSec.png","language":"Java","readme":"\n\u003ch1 align=\"center\" \u003eSPATool\u003c/h1\u003e\n\u003ch3 align=\"center\" \u003e静态程序分析工具 主要生成方法的CFG和.java文件的AST\u003c/h3\u003e\n \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/SummerSec/SPATool\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/SummerSec/SPATool\"\u003e\u003cimg alt=\"template\" src=\"https://img.shields.io/badge/SPATool-green\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/SummerSec/SPATool\"\u003e\u003cimg alt=\"Forks\" src=\"https://img.shields.io/github/forks/SummerSec/SPATool\"\u003e\u003c/a\u003e\n     \u003ca href=\"https://github.com/SummerSec/SPATool\"\u003e\u003cimg alt=\"Release\" src=\"https://img.shields.io/github/release/SummerSec/SPATool.svg\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/SummerSec/SPATool\"\u003e\u003cimg alt=\"Stars\" src=\"https://img.shields.io/github/stars/SummerSec/SPATool.svg?style=social\u0026label=Stars\"\u003e\u003c/a\u003e\n     \u003ca href=\"https://github.com/SummerSec\"\u003e\u003cimg alt=\"Follower\" src=\"https://img.shields.io/github/followers/SummerSec.svg?style=social\u0026label=Follow\"\u003e\u003c/a\u003e\n     \u003ca href=\"https://github.com/SummerSec\"\u003e\u003cimg alt=\"Visitor\" src=\"https://visitor-badge.laobi.icu/badge?page_id=SummerSec.SPATool\"\u003e\u003c/a\u003e\n\t\u003ca href=\"https://twitter.com/SecSummers\"\u003e\u003cimg alt=\"SecSummers\" src=\"https://img.shields.io/twitter/follow/SecSummers.svg\"\u003e\u003c/a\u003e\n\t\u003ca xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" xlink:href=\"https://visitor-badge.laobi.icu\"\u003e\u003crect fill=\"rgba(0,0,0,0)\" height=\"20\" width=\"49.6\"/\u003e\u003c/a\u003e\n\t\u003ca xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" xlink:href=\"https://visitor-badge.laobi.icu\"\u003e\u003crect fill=\"rgba(0,0,0,0)\" height=\"20\" width=\"17.0\" x=\"49.6\"/\u003e\u003c/a\u003e\n\t\u003c/p\u003e\n  \n\n## 📝 TODO\n\n- [ ] Class文件生成IR\n- [ ] IR文件生成CFG\n- [ ] 命令行模式\n\n---\n## 🐉 来龙去脉\n\n未来这段时间可能会在静态分析领域上继续研究，这是但新手小白会面对**CFG**（Control-Flow-Graph控制流图）和**AST**（Abstract Syntax Tree抽象语法树）怎么看都不知道的问题，导致无从下手。以此这是这款工具诞生的契机，目前工具使用的是Soot生成CFG，使用JavaParser生成AST。\n\n\n\n---\n## ⚡下载安装\n\n* 第一步必须下载安装[Graphviz](https://graphviz.org/download/)，并配置环境变量。\n\n​\t下载地址：[https://graphviz.org/download/](https://graphviz.org/download/)，参考配置如下。\n\n![image-20220214201824399](https://img.sumsec.me/24u1824ec24u1824ec.png)\n\n\u003e 检测是否配置成功，执行命令`dot -h`\n\n![image-20220214201909412](https://img.sumsec.me/9u199ec9u199ec.png)\n\n* GitHub Release 下载\n\n    [https://github.com/SummerSec/SPATool/releases](https://github.com/SummerSec/SPATool/releases)\n\n* CDN历史版本下载页面\n\n    [https://spat.sumsec.me/version.html](https://spat.sumsec.me/version.html)\n\n\n\n---\n## 🎬 使用方法\n\n**效果页面**\n\n![image-20220214154214904](https://img.sumsec.me/22u4222ec22u4222ec.png)\n\n**GUI使用说明**\n\n* [AST模块使用说明](https://spat.sumsec.me/ASTREADME.html)\n\n* [CFG模块使用说明](https://spat.sumsec.me/CFGREADME.html)\n\n**Cli使用说明**\n\n* [CLIREADME](CLIREADME.md)\n\n\n\n\n\n----\n\n\n\n\n## 🅱️ 免责声明\n\n该工具仅用于安全自查检测\n\n由于传播、利用此工具所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，作者不为此承担任何责任。\n\n本人拥有对此工具的修改和解释权。未经网络安全部门及相关部门允许，不得善自使用本工具进行任何攻击活动，不得以任何方式将其用于商业目的。\n\n该工具只授权于企业内部进行问题排查，请勿用于非法用途，请遵守网络安全法，否则后果作者概不负责\n\n----\n\n\n![as](https://starchart.cc/SummerSec/SPATool.svg)\n","funding_links":[],"categories":["Java"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSummerSec%2FSPATool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSummerSec%2FSPATool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSummerSec%2FSPATool/lists"}