DASCA combines dynamic and static techniques for analysing code for finding security (i.e., vulnerabilities), safety, or reliability problems.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Achim D. Brucker df3237bc28 Upgraded spray. 11 months ago
buildSrc Integrated extraction of android.jar from Android SDK based on the implementation of the WALA gradle setup. 11 months ago
com.logicalhacking.dasca.crosslanguage Upgraded spray. 11 months ago
com.logicalhacking.dasca.crosslanguage.test Moved Android SDK download into main crosslanguage project. 11 months ago
com.logicalhacking.dasca.crosslanguage.test.confidential @ 0d650be534 Updated submodule. 11 months ago
com.logicalhacking.dasca.dataflow Migrated to EPL 2.0. 11 months ago
com.logicalhacking.dasca.dataflow.test.data Migrated to EPL 2.0. 11 months ago
com.logicalhacking.dasca.js Migrated to EPL 2.0. 11 months ago
gradle/wrapper File hierarchy refactoring. 11 months ago
.gitignore Improved handling of Android framework archive (in particualr for Eclipse). 11 months ago
.gitmodules Integrated confidential test cases. 11 months ago
CITATION Added ESSoS 2016 publication. 3 years ago
LICENSE Migrated to EPL 2.0. 11 months ago
README.md Migrated to EPL 2.0. 11 months ago
build.gradle Added Eclipse plugin. 11 months ago
gradle.properties Upgraded to WALA 1.5.1.S.DASCA.1.0.0. 11 months ago
gradlew File hierarchy refactoring. 11 months ago
gradlew.bat File hierarchy refactoring. 11 months ago
settings.gradle Integrated confidential test cases. 11 months ago

README.md

DASCA

Installation

Prerequisites

  • Java 8 (Java 9 or later is currently not supported)
  • Eclipse Oxygen, including the following additional packages:
  • The native libraries and the JNI packages for CVC3. On a Debian-based Linux system, you need to install the package libcvc3-5-jni. CVC3 is only required for the sub-project com.logicalhacking.dasca.dataflow and the corresponding tests.

Note, if you install the Eclipse for Java EE Developers, you should get a version that includes already PDE, JSDT, and Buildship. Thus, you only need to add the Scala IDE.

Checkout

The repository can be cloned as usual:

git clone https://git.logicalhacking.com/DASCA/DASCA.git

Note, if you authorized to access the confidential test cases of DASCA, you can obtain them by executing

git submodule update --init --recursive

Configuration (optional)

The dataflow analysis can be configured in various ways in the com.logicalhacking.dasca.dataflow/config/main.config file. Most importantly, if you experience problems or want to optimize the performance (e.g., by analyzing the programs based on a different Java version), you might need to configure the location of the Java JDK. The JDK used as part of the static analysis is configured in the file com.logicalhacking.dasca.dataflow/config/main.config, e.g.

cd DASCA/
echo "java_runtime_dir = <PATH-TO-JDK>" >> ./com.logicalhacking.dasca.dataflow/config/main.config

Don’t forget to adjust the path to the Java JDK accordingly, i.e., the <PATH-TO-JDK> should point to the directory containing the file rt.lib.

How to Compile

First check that the variable JAVA_HOME is configured correctly, to ensure that Java 8 is used, e.g.:

export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
export PATH=$JAVA_HOME/bin:$PATH

The project can be compiled using gradle

./gradlew clean assemble test

Import into Eclipse

All projects can be imported into a (fresh) Eclipse workspace using File -> Import -> Gradle -> Existing Gradle Projects:

  1. Select the DASCA folder as source for the import
  2. Import all offered projects

Team

Main contact: Achim D. Brucker

Contributors

License

This project is licensed under the Eclipse Public License 2.0.

SPDX-License-Identifier: EPL-2.0

Master Repository

The master git repository for this project is hosted by the Software Assurance & Security Research Team at https://git.logicalhacking.com/DASCA/DASCA.

Publications