2015-05-29 09:21:26 +00:00
|
|
|
# DASCA
|
2018-10-26 22:01:13 +00:00
|
|
|
|
2015-06-15 07:22:50 +00:00
|
|
|
## Installation
|
2018-10-26 22:01:13 +00:00
|
|
|
|
2015-06-15 07:22:50 +00:00
|
|
|
### Prerequisites
|
2018-10-26 22:01:13 +00:00
|
|
|
|
2018-04-05 08:13:02 +00:00
|
|
|
* Java 8 (Java 9 or later is currently *not* supported)
|
2015-10-29 12:48:37 +00:00
|
|
|
* Android SDK (to obtain dx.jar)
|
2017-09-11 13:37:30 +00:00
|
|
|
* Eclipse Oxygen, including
|
2018-05-05 05:58:47 +00:00
|
|
|
* The Plug-in Development Environment (PDE)
|
|
|
|
* JavaScript Development Tools (JSDT)
|
2017-09-11 13:37:30 +00:00
|
|
|
* [Scala IDE and Scalatest Runner (the latter is optional)](http://download.scala-ide.org/sdk/lithium/e44/scala211/stable/site)
|
2016-09-21 21:37:03 +00:00
|
|
|
* ["Maven for Scala" - Maven Integration for Eclipse](http://alchim31.free.fr/m2e-scala/update-site)
|
2018-04-05 08:29:36 +00:00
|
|
|
* m2e - Maven Integration for Eclipse
|
2016-09-21 21:37:03 +00:00
|
|
|
* [CVC3](http://cs.nyu.edu/acsys/cvc3/) including the Java bindings for CVC3
|
|
|
|
* [apktool](https://ibotpeaches.github.io/Apktool/)
|
2015-10-15 08:34:37 +00:00
|
|
|
|
2015-06-15 07:22:50 +00:00
|
|
|
|
|
|
|
### Checkout
|
2018-10-26 22:01:13 +00:00
|
|
|
|
|
|
|
The repository can be cloned as usual:
|
|
|
|
|
2015-06-27 18:27:39 +00:00
|
|
|
```
|
2018-10-26 22:01:13 +00:00
|
|
|
git clone https://git.logicalhacking.com/DASCA/DASCA.git
|
2015-06-27 18:27:39 +00:00
|
|
|
```
|
2015-10-15 08:34:37 +00:00
|
|
|
|
|
|
|
### Resolving external dependencies
|
2018-10-26 22:01:13 +00:00
|
|
|
|
2016-09-21 21:37:03 +00:00
|
|
|
* Ensure that the environment variable `ANDROID_HOME` is set correctly and that
|
2015-10-15 08:34:37 +00:00
|
|
|
the Android SDK has API 19 installed, i.e.,
|
2016-09-21 21:37:03 +00:00
|
|
|
`${ANDROID_HOME}/platforms/android-19/android.jar` should be a valid path.
|
2017-11-01 23:28:20 +00:00
|
|
|
* Install ``apktool_2.3.0.jar`` into your local maven repository:
|
2016-09-11 11:59:21 +00:00
|
|
|
|
2015-06-15 07:22:50 +00:00
|
|
|
```
|
2016-09-11 09:20:44 +00:00
|
|
|
cd $(mktemp -d)
|
2017-11-01 23:28:20 +00:00
|
|
|
wget https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.3.0.jar
|
|
|
|
mvn install:install-file -Dfile=apktool_2.3.0.jar -DgroupId=apktool -DartifactId=apktool -Dpackaging=jar -Dversion=2.3.0
|
2015-10-15 08:57:06 +00:00
|
|
|
```
|
2015-06-15 07:22:50 +00:00
|
|
|
|
2016-09-11 11:51:22 +00:00
|
|
|
### WALA configuration
|
2018-10-26 22:01:13 +00:00
|
|
|
|
2017-09-11 13:37:30 +00:00
|
|
|
DASCA (and the underlying WALA setup) is tested with Java version 8.
|
|
|
|
If DASCA is installed using Java 8, there should be no need for updating
|
|
|
|
the WALA configuration.
|
2016-10-09 09:21:57 +00:00
|
|
|
|
|
|
|
If you experience problems or want to optimize the performance (e.g.,
|
|
|
|
by analyzing the programs based on a different Java version), you
|
2017-09-11 13:37:30 +00:00
|
|
|
might need to configure the location of the Java JDK. The JDK used
|
2016-10-09 09:21:57 +00:00
|
|
|
as part of the static analysis is configured in the `wala.properties`
|
|
|
|
file, e.g.
|
2016-09-11 11:51:22 +00:00
|
|
|
```
|
|
|
|
cd DASCA/
|
2016-09-19 10:13:53 +00:00
|
|
|
echo "java_runtime_dir = <PATH-TO-JDK>" >> externals/WALA/com.ibm.wala.core/dat/wala.properties
|
2016-09-11 11:51:22 +00:00
|
|
|
```
|
2016-09-21 21:37:03 +00:00
|
|
|
Don't forget to adjust the path to the Java JDK accordingly, i.e.,
|
|
|
|
the `<PATH-TO-JDK>` should point to the directory containing the file
|
|
|
|
`rt.lib`.
|
2016-09-19 10:13:53 +00:00
|
|
|
|
2015-06-15 07:22:50 +00:00
|
|
|
### How to Compile
|
2018-10-26 22:01:13 +00:00
|
|
|
|
2017-10-31 08:15:23 +00:00
|
|
|
First check that the variable `JAVA_HOME` is configured correctly, e.g.:
|
|
|
|
```
|
|
|
|
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
|
|
|
|
```
|
|
|
|
|
|
|
|
Second, resolve the dependencies using maven:
|
2015-06-15 07:22:50 +00:00
|
|
|
```
|
2017-05-21 14:58:16 +00:00
|
|
|
cd src/com.logicalhacking.dasca.parent/
|
2017-10-31 08:15:23 +00:00
|
|
|
mvn -P wala clean verify -DskipTests=true
|
2015-06-15 07:22:50 +00:00
|
|
|
```
|
2017-10-31 08:15:23 +00:00
|
|
|
|
2015-06-15 07:22:50 +00:00
|
|
|
After this, all projects can be imported into a fresh Eclipse
|
2015-10-15 08:34:37 +00:00
|
|
|
workspace using `File -> Import -> Maven -> Existing Maven Projects`:
|
2016-09-20 07:12:03 +00:00
|
|
|
1. Select the DASCA `src` folder as source for the import
|
2015-10-15 10:39:15 +00:00
|
|
|
2. Import all offered projects (WALA and DASCA)
|
2016-08-08 19:58:06 +00:00
|
|
|
|
2016-11-03 23:58:40 +00:00
|
|
|
While some WALA projects may contain compilation errors, all DASCA
|
2017-05-21 14:58:16 +00:00
|
|
|
projects (i.e., `com.logicalhacking.dasca.*`) should compile without errors.
|
2015-06-15 07:22:50 +00:00
|
|
|
|
|
|
|
## Team
|
2018-10-26 22:01:13 +00:00
|
|
|
|
2015-06-15 07:22:50 +00:00
|
|
|
Main contact: [Achim D. Brucker](http://www.brucker.ch/)
|
|
|
|
|
|
|
|
### Contributors
|
2018-10-26 22:01:13 +00:00
|
|
|
|
2015-06-15 07:22:50 +00:00
|
|
|
* Thomas Deuster
|
2016-07-30 22:31:42 +00:00
|
|
|
* [Michael Herzberg](http://www.dcs.shef.ac.uk/cgi-bin/makeperson?M.Herzberg)
|
2015-06-15 07:22:50 +00:00
|
|
|
* Tim Herres
|
2016-07-28 22:51:21 +00:00
|
|
|
|
2016-11-27 10:40:10 +00:00
|
|
|
## License
|
2018-10-26 22:01:13 +00:00
|
|
|
|
2016-11-27 10:40:10 +00:00
|
|
|
This project is licensed under the Eclipse Public License 1.0.
|
2016-07-30 22:31:42 +00:00
|
|
|
|
2016-09-14 18:02:44 +00:00
|
|
|
## Publications
|
2018-10-26 22:01:13 +00:00
|
|
|
|
2016-07-28 22:51:21 +00:00
|
|
|
* Achim D. Brucker and Michael Herzberg. [On the Static Analysis of
|
|
|
|
Hybrid Mobile Apps: A Report on the State of Apache Cordova
|
|
|
|
Nation.](https://www.brucker.ch/bibliography/download/2016/brucker.ea-cordova-security-2016.pdf)
|
|
|
|
In International Symposium on Engineering Secure Software
|
|
|
|
and Systems (ESSoS). Lecture Notes in Computer Science (9639), pages
|
|
|
|
72-88, Springer-Verlag, 2016.
|
|
|
|
https://www.brucker.ch/bibliography/abstract/brucker.ea-cordova-security-2016
|
|
|
|
doi: [10.1007/978-3-319-30806-7_5](http://dx.doi.org/10.1007/978-3-319-30806-7_5)
|