Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sap-samples/security-research-taintgraphs
A tool to extract tainted code graphs from C/C++ and Java source code.
https://github.com/sap-samples/security-research-taintgraphs
code extractor graphs java kotlin sample taintgraphs
Last synced: about 1 month ago
JSON representation
A tool to extract tainted code graphs from C/C++ and Java source code.
- Host: GitHub
- URL: https://github.com/sap-samples/security-research-taintgraphs
- Owner: SAP-samples
- License: apache-2.0
- Created: 2023-03-06T09:15:46.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-11-12T14:44:05.000Z (about 1 month ago)
- Last Synced: 2024-11-12T15:25:37.865Z (about 1 month ago)
- Topics: code, extractor, graphs, java, kotlin, sample, taintgraphs
- Language: C
- Size: 94.3 MB
- Stars: 13
- Watchers: 5
- Forks: 0
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Taintgraph Extraction
[![REUSE status](https://api.reuse.software/badge/github.com/SAP-samples/security-research-taintgraphs)](https://api.reuse.software/info/github.com/SAP-samples/security-research-taintgraphs)
This tool reads Java and C++ code, exports its
- Control Flow Graph
- Data Flow Graph
- Abstract Syntax tree## Requirements
- Kotlin 1.5.10
- JVM >= 11## Build
Build using Gradle
```
git clone https://github.com/SAP-samples/security-research-taintgraphs
cd security-research-taintgraphs
./gradlew installDist
```## Recommended Database
We find that Memgraph has the most efficient performance. Comparing RedisGraph, Neo4J and Memgraph.
The running command for Memgraph is slightly optimized to trade transactions guarantees for speed.
```
docker pull memgraph/memgraph-platform
docker image tag memgraph/memgraph-platform memgraph
docker run --memory="15g" -it -p 7687:7687 -p 3000:3000 -e MEMGRAPH="--query-execution-timeout-sec=180000 --bolt-session-inactivity-timeout=1800000 --query-max-plans=100000 --log-level DEBUG --memory-limit=15000 --storage-wal-enabled=false --storage-snapshot-interval-sec=0" memgraph
```## Modes
### Paths/Taintgraph extraction
Export paths between user-controlled sources and sinks with intersections between Gitdiff changes:This mode needs a running cypherql capable database up and running, e.g.:
```
╰─ build/install/security-research-taintgraphs/bin/security-research-taintgraphs --gitFile data/libxml2_git.txt --host localhost --port 7687 --protocol bolt --output out
```
The above command will use a graph database accessible via Bolt.
The extracted paths will be written to %out% directory with the pattern %out%/%commit%.cpgThe git text file should have following format, but mind it is best advise to sort the commits by time. The extraction tool only updates Deltas for efficiency. The initial commit should be close to the first vulnerable commit, regarding the committing date.
```
http://GITREPO/URL
FIRST INISTAL COMMIT
Commit that fixed vulnerability #1
Commit that fixed vulnerability #2
...
Commit that fixed vulnerability #n
```### Load CPG to DB
This mode will load a path to a project into a graph database.
```
╰─ build/install/security-research-taintgraphs/bin/security-research-taintgraphs --file path/to/project --host localhost --port 7687 --protocol redis
```### Simply export a CPG as Dot
```
╰─ build/install/security-research-taintgraphs/bin/security-research-taintgraphs --file path/to/project --output out
```## Example output
(Old image)
```Java
public class Implementor1 {private final static int i = 6;
public static void main( String... args ) {
final int j;
j = 14;
System.out.println(j);
}
}
```![visualized dot](example.png "visualized dot example")
## Requirements
The application requires Java 11 or higher.
## Optional commands
```
--tmpPath
```## Contributing
If you wish to contribute code, offer fixes or improvements, please send a pull request. Due to legal reasons, contributors will be asked to accept a DCO when they create the first pull request to this project. This happens in an automated fashion during the submission process. SAP uses [the standard DCO text of the Linux Foundation](https://developercertificate.org/).## License
Copyright (c) 2022 SAP SE or an SAP affiliate company. All rights reserved. This project is licensed under the Apache Software License, version 2.0 except as noted otherwise in the [LICENSE](LICENSES/Apache-2.0.txt) file.### Uses
Thanks to Fraunhofer AISEC for:
- https://github.com/Fraunhofer-AISEC/cpg-vis-neo4j
- https://github.com/Fraunhofer-AISEC/cpg