# DASCA

## Installation

### Prerequisites

* Java 8 (Java 9 or later is currently *not* supported)
* Eclipse Oxygen, including the following additional packages:
  * From the Eclipse Marketplace:
    * The Plug-in Development Environment (PDE)
    * JavaScript Development Tools (JSDT)
    * Gradle Integration (Buildship)
  * From the [Scala IDE Update Site](http://scala-ide.org/download/current.html)
    * [Scala IDE and Scalatest Runner (the latter is optional)](http://download.scala-ide.org/sdk/lithium/e47/scala212/stable/site)
* The native libraries and the JNI packages for [CVC3](http://cs.nyu.edu/acsys/cvc3/).
  On a Debian-based Linux system, you need to install the package `libcvc3-5-jni`. CVC3 is
  only required for the sub-project `com.logicalhacking.dasca.dataflow` and the
  corresponding tests.

Note that if you install [Eclipse for Java EE Developers](http://www.eclipse.org/downloads/packages/release/2018-09/r/eclipse-ide-java-ee-developers),
you should get a version that already includes PDE, JSDT, and Buildship. Thus, you only need
to add the Scala IDE.

### Checkout

The repository can be cloned as usual:

``` sh
git clone https://git.logicalhacking.com/DASCA/DASCA.git
```

Note that if you are authorized to access the confidential test cases of
DASCA, you can obtain them by executing

``` sh
git submodule update --init --recursive
```

### Configuration (optional)

The dataflow analysis can be configured in various ways in the
`com.logicalhacking.dasca.dataflow/config/main.config` file. Most importantly,
if you experience problems or want to optimize the performance (e.g., by
analyzing the programs based on a different Java version), you might need to
configure the location of the Java JDK. The JDK used as part of the static
analysis is set in that same file, e.g.

``` sh
cd DASCA/
echo "java_runtime_dir = <PATH-TO-JDK>" >> ./com.logicalhacking.dasca.dataflow/config/main.config
```

Don't forget to adjust the path to the Java JDK accordingly, i.e.,
the `<PATH-TO-JDK>` should point to the directory containing the file
`rt.lib`.

### How to Compile

First check that the variable `JAVA_HOME` is configured correctly, to ensure
that Java 8 is used, e.g.:

``` sh
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
export PATH="$JAVA_HOME/bin:$PATH"
```

The project can be compiled using Gradle:

``` sh
./gradlew clean assemble test
```
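
An added example (not part of the DASCA repository): shell helpers that check the Java 8 requirement before building and write `java_runtime_dir` without appending a duplicate entry on each run. The function names are hypothetical, and the config file is assumed to hold one `key = value` pair per line.

```shell
#!/bin/sh
# Added example: pre-flight helpers for the steps above (not DASCA code).

# Succeeds only if a `java -version` banner line reports Java 8.
# Java 8 reports itself as "1.8.x"; Java 9 and later report "9", "11.0.1", ...
# Typical call: is_java8 "$(java -version 2>&1 | head -n 1)"
is_java8() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p')
    case "$ver" in
        1.8|1.8.*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Sets java_runtime_dir in the config file $1 to $2, replacing any earlier
# entry so that repeated runs do not pile up duplicate lines.
# Assumption: one "key = value" pair per line, as in the echo command above.
set_java_runtime_dir() {
    cfg=$1
    dir=$2
    tmp=$(mktemp) || return 1
    if [ -f "$cfg" ]; then
        # grep exits 1 when no line survives the filter; that is not an error.
        grep -v '^[[:space:]]*java_runtime_dir[[:space:]]*=' "$cfg" > "$tmp" \
            || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    fi
    printf 'java_runtime_dir = %s\n' "$dir" >> "$tmp"
    cat "$tmp" > "$cfg"   # overwrite in place to keep the file's permissions
    rm -f "$tmp"
}

# Constructed banner lines (not captured from a real system).
for banner in 'openjdk version "1.8.0_181"' 'openjdk version "11.0.1" 2018-10-16'; do
    if is_java8 "$banner"; then
        echo "accept: $banner"
    else
        echo "reject: $banner"
    fi
done
```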

### Import into Eclipse

All projects can be imported into a (fresh) Eclipse workspace
using `File -> Import -> Gradle -> Existing Gradle Projects`:

1. Select the `DASCA` folder as source for the import
2. Import all offered projects

## Team

Main contact: [Achim D. Brucker](http://www.brucker.ch/)

### Contributors

* Thomas Deuster
* [Michael Herzberg](http://www.dcs.shef.ac.uk/cgi-bin/makeperson?M.Herzberg)
* Tim Herres

## License

This project is licensed under the Eclipse Public License 2.0.

SPDX-License-Identifier: EPL-2.0

## Master Repository

The master git repository for this project is hosted by the [Software
Assurance & Security Research Team](https://logicalhacking.com) at
<https://git.logicalhacking.com/DASCA/DASCA>.

## Publications

* Achim D. Brucker and Michael Herzberg. [On the Static Analysis of
  Hybrid Mobile Apps: A Report on the State of Apache Cordova
  Nation.](https://www.brucker.ch/bibliography/download/2016/brucker.ea-cordova-security-2016.pdf)
  In International Symposium on Engineering Secure Software
  and Systems (ESSoS). Lecture Notes in Computer Science (9639), pages
  72-88, Springer-Verlag, 2016.
  https://www.brucker.ch/bibliography/abstract/brucker.ea-cordova-security-2016
  doi: [10.1007/978-3-319-30806-7_5](http://dx.doi.org/10.1007/978-3-319-30806-7_5)