Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/logicalhacking/dasca

DASCA combines dynamic and static techniques for analysing code for finding security (i.e., vulnerabilities), safety, or reliability problems.

android cordova eclipse java sast static-analysis wala


# DASCA

## Installation

### Prerequisites

* Java 8 (Java 9 or later is currently *not* supported)
* Eclipse Oxygen, including the following additional packages:
  * From the Eclipse Marketplace:
    * The Plug-in Development Environment (PDE)
    * JavaScript Development Tools (JSDT)
    * Gradle Integration (Buildship)
  * From the [Scala IDE Update Site](http://scala-ide.org/download/current.html)
    * [Scala IDE and Scalatest Runner (the latter is optional)](http://download.scala-ide.org/sdk/lithium/e47/scala212/stable/site)
* The native libraries and the JNI packages for [CVC3](http://cs.nyu.edu/acsys/cvc3/).
  On a Debian-based Linux system, you need to install the package `libcvc3-5-jni`. CVC3 is
  only required for the sub-project `com.logicalhacking.dasca.dataflow` and the
  corresponding tests.

Note that if you install [Eclipse for Java EE Developers](http://www.eclipse.org/downloads/packages/release/2018-09/r/eclipse-ide-java-ee-developers),
you should get a version that already includes PDE, JSDT, and Buildship. Thus, you only need
to add the Scala IDE.

### Checkout

The repository can be cloned as usual:

``` sh
git clone https://git.logicalhacking.com/DASCA/DASCA.git
```

Note that if you are authorized to access the confidential test cases of
DASCA, you can obtain them by executing:

``` sh
git submodule update --init --recursive
```

### Configuration (optional)

The dataflow analysis can be configured in various ways in the
`com.logicalhacking.dasca.dataflow/config/main.config` file. Most importantly,
if you experience problems or want to optimize the performance (e.g., by
analyzing the programs based on a different Java version), you might need to
configure the location of the Java JDK. The JDK used as part of the static
analysis is configured in the file
`com.logicalhacking.dasca.dataflow/config/main.config`, e.g.

``` sh
cd DASCA/
echo "java_runtime_dir = " >> ./com.logicalhacking.dasca.dataflow/config/main.config
```

Don't forget to adjust the path to the Java JDK accordingly, i.e.,
the value of `java_runtime_dir` should point to the directory containing the file
`rt.lib`.

### How to Compile

First check that the variable `JAVA_HOME` is configured correctly, to ensure
that Java 8 is used, e.g.:

``` sh
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
export PATH=$JAVA_HOME/bin:$PATH
```

The project can be compiled using Gradle:

``` sh
./gradlew clean assemble test
```

### Import into Eclipse

All projects can be imported into a (fresh) Eclipse workspace
using `File -> Import -> Gradle -> Existing Gradle Projects`:

1. Select the `DASCA` folder as source for the import
2. Import all offered projects

## Team

Main contact: [Achim D. Brucker](http://www.brucker.ch/)

### Contributors

* Thomas Deuster
* [Michael Herzberg](http://www.dcs.shef.ac.uk/cgi-bin/makeperson?M.Herzberg)
* Tim Herres

## License

This project is licensed under the Eclipse Public License 2.0.

SPDX-License-Identifier: EPL-2.0

## Master Repository

The master git repository for this project is hosted by the [Software
Assurance & Security Research Team](https://logicalhacking.com) at
.

## Publications

* Achim D. Brucker and Michael Herzberg. [On the Static Analysis of
Hybrid Mobile Apps: A Report on the State of Apache Cordova
Nation.](https://www.brucker.ch/bibliography/download/2016/brucker.ea-cordova-security-2016.pdf)
In International Symposium on Engineering Secure Software
and Systems (ESSoS). Lecture Notes in Computer Science (9639), pages
72-88, Springer-Verlag, 2016.
https://www.brucker.ch/bibliography/abstract/brucker.ea-cordova-security-2016
doi: [10.1007/978-3-319-30806-7_5](http://dx.doi.org/10.1007/978-3-319-30806-7_5)