{"id":18609509,"url":"https://github.com/secure-software-engineering/swan","last_synced_at":"2025-06-24T23:08:38.735Z","repository":{"id":40998770,"uuid":"168190040","full_name":"secure-software-engineering/swan","owner":"secure-software-engineering","description":"Security methods for WeAkNess detection","archived":false,"fork":false,"pushed_at":"2025-02-27T14:43:50.000Z","size":197212,"stargazers_count":20,"open_issues_count":23,"forks_count":7,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-04-11T08:51:44.577Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/secure-software-engineering.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-01-29T16:43:14.000Z","updated_at":"2025-02-04T11:12:58.000Z","dependencies_parsed_at":"2023-11-06T23:31:39.534Z","dependency_job_id":"590cfe2d-65cd-4cf1-89b0-0954363df06a","html_url":"https://github.com/secure-software-engineering/swan","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/secure-software-engineering/swan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secure-software-engineering%2Fswan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secure-software-engineering%2Fswan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secure-software-engineering%2Fswan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secure-software-engineering%2Fswan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/secure-software-engineering","download_url":"https://codeload.github.com/secure-software-engineering/swan/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secure-software-engineering%2Fswan/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261771147,"owners_count":23207221,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T03:06:18.628Z","updated_at":"2025-06-24T23:08:38.708Z","avatar_url":"https://github.com/secure-software-engineering.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SWAN (Security methods for WeAkNess detection)\n\nSWAN is a machine-learning approach that detects security-relevant methods (SRM) in Java programs.\nSWAN should be used in combination with other static analyses tools and it helps the users to create a set of relevant methods required as an input for static analyses, e.g. taint- and type-state analysis.\nThe tool currently detects four types of security relevant methods, namely: source, sink, sanitizer, and authentication methods.\nSWAN also labels methods as relevant for 7 [Common Weakness Enumeration (CWE)](https://cwe.mitre.org/), namely: [CWE78 OS Command Injection](https://cwe.mitre.org/data/definitions/78.html), [CWE79 Cross-site Scripting](https://cwe.mitre.org/data/definitions/79.html), [CWE89 SQL Injection](https://cwe.mitre.org/data/definitions/89.html), [CWE306 Missing Authentication](https://cwe.mitre.org/data/definitions/306.html), [CWE601 Open Redirect](https://cwe.mitre.org/data/definitions/601.html), [CWE862 Missing Authorisation](https://cwe.mitre.org/data/definitions/862.html), and\n[CWE863 Incorrect Authorisation](https://cwe.mitre.org/data/definitions/863.html).\n\nThe project is divided into two main components: the command line tool [\u003ccode\u003e**swan-cmd**\u003c/code\u003e](https://github.com/secure-software-engineering/swan/tree/master/swan-cmd) and the IntelliJ plugin [\u003ccode\u003e**dev-assist**\u003c/code\u003e](https://github.com/secure-software-engineering/swan/tree/master/dev-assist) that provides a GUI for SWAN. \n\n1. \u003ccode\u003e**swan-cmd**\u003c/code\u003e is the command line implementation for SWAN with components for data collection, feature engineering, model selection and SRM prediction. The command line tool uses the following Maven modules:\n    - \u003ccode\u003e**training-data-jars**\u003c/code\u003e contains dependencies from which the training examples are extracted.\n    - Java Doclets to process and export software documentation\n      - \u003ccode\u003e**coverage-doclet**\u003c/code\u003e calculates the software documentation coverage of Java programs based on the presence of doc comments for classes, methods, and other objects.\n      - \u003ccode\u003e**xml-doclet**\u003c/code\u003e exports doc comments to XML files so that they can be analyzed by the Natural Language Processing (NLP) module\n2. \u003ccode\u003e**dev-assist**\u003c/code\u003e provides GUI support for SWAN and enables active machine learning.\n\n\nHow do I get started with SWAN?\n-------------\nTo run SWAN, you will need to provide a path to the Java project to be analyzed (JAR files or compiled classes) as well an output directory where SWAN will export its results. The easiest way to get started with SWAN is to use the pre-built binary from the newest release. After downloading the necessary files from the most recent release, SWAN can be executed on the command line with the following command:\n\n\u003ccode\u003e**java -jar swan-cmd-3.x.x.jar -test** */path/to/project/files* **-o** */output/directory* \u003c/code\u003e\n\nThis command runs the application and exports the detected security-relevant methods to a JSON file in the provided output directory. This command uses the following default settings: training dataset \u003ccode\u003e-in [dataset](/swan-cmd/src/main/resources/dataset)\u003c/code\u003e, code features \u003ccode\u003e-f code\u003c/code\u003e, and the MEKA toolkit \u003ccode\u003e-t meka\u003c/code\u003e. The remaining default options are found in [CLIRunner](/swan-cmd/src/main/java/de/fraunhofer/iem/swan/cli/CliRunner.java). The available command line options can be found in the Wiki or by using the \u003ccode\u003e-help\u003c/code\u003e command line option.\n\nHow do I build SWAN?\n-------------\nIf you cloned the project or downloaded SWAN as a compressed release (e.g. .zip or .tar.gz), you can use \u003ccode\u003emvn package\u003c/code\u003e to package the project. The commands provided above can then be used to run the generated JAR file. Alternatively, you can import the project directly into your IDE from the repository and package the project via the terminal or the Maven plugin in your IDE.\n\n\nContributors\n-------------\nThe following persons have contributed to SWAN: Goran Piskachev (gpiskach@amazon.de), Lisa Nguyen (lisa.nguyen@uni-paderborn.de), Oshando Johnson (oshando.johnson@iem.fraunhofer.de), Eric Bodden (eric.bodden@uni-paderborn.de).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecure-software-engineering%2Fswan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecure-software-engineering%2Fswan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecure-software-engineering%2Fswan/lists"}