DASCA combines dynamic and static techniques for analysing code for finding security (i.e., vulnerabilities), safety, or reliability problems.

Go to file

Achim D. Brucker af7ad992ce Added URLs for dependencies.		2016-09-21 22:37:03 +01:00
externals	WALA should now track master.	2016-08-20 10:53:04 +01:00
src	Import cleanup.	2016-09-19 08:13:46 +01:00
.gitignore	Ignore configured crosslanguage launcher.	2016-09-12 08:40:55 +01:00
.gitmodules	Make submodule externals/WALA tracking master.	2016-08-20 10:48:55 +01:00
CITATION	Added ESSoS 2016 publication.	2016-07-28 23:51:21 +01:00
LICENSE	Initial commit	2015-05-30 23:28:28 +02:00
README.md	Added URLs for dependencies.	2016-09-21 22:37:03 +01:00

README.md

DASCA

Installation

Prerequisites

Java 8
Android SDK (to obtain dx.jar)
Eclipse Neon, including
CVC3 including the Java bindings for CVC3
apktool

Checkout

Note that this repository imports WALA as a submodule. Thus, you either need to recursively clone this repository, e.g.,

git clone --recursive https://git.logicalhacking.com/DASCA/DASCA.git

or execute git submodule update --init --recursive after cloning the repository.

Resolving external dependencies

Ensure that the environment variable ANDROID_HOME is set correctly and that the Android SDK has API 19 installed, i.e., ${ANDROID_HOME}/platforms/android-19/android.jar should be a valid path.
Install apktool_2.0.0.jar into your local maven repository:

cd $(mktemp -d)
wget https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.0.0.jar
mvn install:install-file -Dfile=apktool_2.0.0.jar -DgroupId=apktool -DartifactId=apktool -Dpackaging=jar -Dversion=2.0.0

WALA configuration

WALA might needs to know the location of the Java JDK (the current setup is tested with JDK version 6 and 8). This is configured in the wala.properties file, e.g.

cd DASCA/
echo "java_runtime_dir = <PATH-TO-JDK>" >> externals/WALA/com.ibm.wala.core/dat/wala.properties

Don't forget to adjust the path to the Java JDK accordingly, i.e., the <PATH-TO-JDK> should point to the directory containing the file rt.lib.

If java_runtime_dir is not configured, WALA will use the JDK-libaries of the JDK used for executing WALA. This should work in most of the cases, i.e., providing a better "out-of-the-box" expierence.

How to Compile

First resolve the dependencies using maven:

cd src/eu.aniketos.dasca.parent/
mvn -P wala clean install -DskipTests=true -q

After this, all projects can be imported into a fresh Eclipse workspace using File -> Import -> Maven -> Existing Maven Projects:

Select the DASCA src folder as source for the import
Import all offered projects (WALA and DASCA)

While some Wala projects may contain compilation errors, all DASCA projects (i.e., eu.aniketos.dasca.*) should compile without errors.

Team

Main contact: Achim D. Brucker

Contributors

Thomas Deuster
Michael Herzberg
Tim Herres

Publications

Achim D. Brucker and Michael Herzberg. On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache Cordova Nation. In International Symposium on Engineering Secure Software and Systems (ESSoS). Lecture Notes in Computer Science (9639), pages 72-88, Springer-Verlag, 2016. https://www.brucker.ch/bibliography/abstract/brucker.ea-cordova-security-2016 doi: 10.1007/978-3-319-30806-7_5