Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/CodeShield-Security/SPDS

Efficient and Precise Pointer-Tracking Data-Flow Framework
https://github.com/CodeShield-Security/SPDS

Last synced: 21 days ago
JSON representation

Efficient and Precise Pointer-Tracking Data-Flow Framework

Host: GitHub
URL: https://github.com/CodeShield-Security/SPDS
Owner: CodeShield-Security
License: epl-2.0
Fork: true (CROSSINGTUD/SPDS)
Created: 2020-06-20T14:37:25.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2024-03-17T10:09:49.000Z (9 months ago)
Last Synced: 2024-08-05T17:36:28.941Z (4 months ago)
Language: Java
Homepage:
Size: 79.7 MB
Stars: 61
Watchers: 5
Forks: 12
Open Issues: 13
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - CodeShield-Security/SPDS - Efficient and Precise Pointer-Tracking Data-Flow Framework (Java)

README

[![Java CI with Maven](https://github.com/CodeShield-Security/SPDS/workflows/Java%20CI%20with%20Maven/badge.svg?branch=master)](https://github.com/CodeShield-Security/SPDS/actions)

# SPDS

This repository contains a Java implementation of Synchronized Pushdown Systems.
Additionally, it contains an implementation of [Boomerang](boomerangPDS) and [IDEal](idealPDS) based on a Weighted Pushdown System.

# Use as Maven dependency

The projects are released on [Maven Central](https://central.sonatype.com/artifact/de.fraunhofer.iem/SPDS) and can be included as a dependency in `.pom` files:

```.xml

de.fraunhofer.iem
SPDS
3.1.2

```

# Checkout, Build and Install

To build and install SPDS into your local repository, run

``mvn clean install -DskipTests``

in the root directory of this git repository. If you do not want to skip the test cases, remove the last flag.

# Examples

Boomerang code examples can be found [here](https://github.com/CodeShield-Security/SPDS/tree/master/boomerangPDS/src/main/java/boomerang/example). Code examples for IDEal are given [here](https://github.com/CodeShield-Security/SPDS/tree/master/idealPDS/src/main/java/inference/example).

# Notes on the Test Cases

The projects Boomerang and IDEal contain JUnit test suites. As for JUnit, the test methods are annotated with @Test and can be run as normal JUnit tests.
However, these methods are *not* executed but only statically analyzed. When one executes the JUnit tests, the test method bodies are supplied as input to Soot
and a static analysis is triggered. All this happens in JUnit's @Before test time. The test method itself is never run, may throw NullPointerExceptions or may not even terminate.

If the static analysis succeeded, JUnit will officially label the test method as skipped. However, the test will not be labeled as Error or Failure.
Even though the test was skipped, it succeeded. Note, JUnit outputs a message:

``org.junit.AssumptionViolatedException: got: , expected: is ``

This is ok! The test passed!