svfa-scala

An implementation of sparse-value flow analysis on top of soot (using Scala)

https://github.com/rbonifacio/svfa-scala

Science Score: 44.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (11.3%) to scientific vocabulary
Last synced: 7 months ago

Repository

Basic Info
  • Host: GitHub
  • Owner: rbonifacio
  • Language: Java
  • Default Branch: develop
  • Size: 8.16 MB
Statistics
  • Stars: 9
  • Watchers: 2
  • Forks: 15
  • Open Issues: 13
  • Releases: 1
Created almost 7 years ago · Last pushed over 1 year ago
Metadata Files
Readme Citation

README.md

SVFA (Sparse Value Flow Analysis) implementation based on Soot

This is a Scala implementation of a framework that builds a sparse value-flow graph using Soot.

Status

  • Experimental.

Usage

  • Clone this repository or download a stable release.
  • Add a GitHub token to your ~/.gitconfig:

        [github]
            token = TOKEN
  • Build this project using sbt (sbt compile test)
  • Publish the artifact as a JAR file in your m2 repository (sbt publish)
  • Add a dependency on the svfa-scala artifact in your Maven project:

        <dependency>
          <groupId>br.unb.cic</groupId>
          <artifactId>svfa-scala_2.12</artifactId>
          <version>3.0.1-SNAPSHOT</version>
        </dependency>

  • Implement a class that extends the JSVFA class (see the examples in the Scala tests). You must provide implementations of the following methods:
    • getEntryPoints() to set up the "main" methods. This implementation must return a list of Soot methods.
    • sootClassPath() to set up the Soot classpath. This implementation must return a string.
    • analyze(unit) to identify the type of a node in the graph (source, sink, or simple node), given a statement (Soot unit).

Installation

  • Install Scala Plugin in IntelliJ IDEA.
  • Install Java 8 (Java JDK path: /usr/lib/jvm/java-8-openjdk-amd64):

        sudo apt install openjdk-8-jre-headless
        sudo apt install openjdk-8-jdk

  • Clone the project:

        git clone https://github.com/rbonifacio/svfa-scala
  • Add GitHub token in ~/.gitconfig.
  • IDE
    • Reload sbt.
    • Set Project's settings to work with Java 8.
    • Build Project.
    • Run test.

Benchmark

This project integrates 2 well-known benchmarks.

Securibench

This benchmark was integrated because it is also used in the FlowDroid project. The test cases are in src/test/java/securibench.

failed: 0, passed: 72, ignored: 31 of 103 test (69.90%)

  • AliasingTest - failed: 0, passed: 4, ignored: 2 of 6 test (66.7%)

    • [5]
    • [6]
  • ArraysTest - failed: 0, passed: 5, ignored: 5 of 10 test (50%)

    • [2]
    • [5]
    • [8]
    • [9]
    • [10]
  • BasicTest - failed: 0, passed: 39, ignored: 3 of 42 test (92.85%)

    • [36]
    • [38]
    • [42]
  • CollectionTest - failed: 0, passed: 3, ignored: 11 of 14 test (21.42%)

    • [3]
    • [4]
    • [5]
    • [6]
    • [7]
    • [8]
    • [9]
    • [10]
    • [11] * There are no assertions here; it calls test [11b]
    • [11b]
    • [12]
    • [13]
  • DataStructureTest - failed: 0, passed: 5, ignored: 1 of 6 test (83.33%)

    • [5]
  • FactoryTest - failed: 0, passed: 2, ignored: 1 of 3 test (66.67%)

    • [3]
  • InterTest - failed: 0, passed: 11, ignored: 4 of 14 test (78.57%)

    • [6]
    • [11] - flaky
    • [12]
  • SessionTest - failed: 0, passed: 0, ignored: 3 of 3 test (0%)

    • [1]
    • [2]
    • [3]
  • StrongUpdateTest - failed: 0, passed: 3, ignored: 2 of 5 test (60%)

    • [3]
    • [5]

Taintbench: (WIP)

Taintbench contains a set of Android APKs that are old malware apps. We have created a file, taintbench.properties, in src/test/resources to set the configuration.

failed: ?, passed: 1, ignored: ? of 39 test (?%)

  • [Roidsec]
  • [ ]

Tasks

WIP

  • [ ] Finish integration of Taintbench.
  • [ ] Add project setup documentation.
  • [ ] Integrate Securibench as a submodule.
  • [ ] Fix bugs for Securibench in folders
    • [ ] Datastructure
    • [ ] Factory
    • [ ] Session
    • [ ] Strong Update
    • [ ] Aliasing

Owner

  • Name: Rodrigo Bonifácio
  • Login: rbonifacio
  • Kind: user
  • Location: Brasília
  • Company: University of Brasília

Associate professor at UnB. Interested in source-code analysis and manipulation, software security and static analysis.

Citation (CITATION.cff)

cff-version: 1.2.0
message: "If you use this software, please cite it as below."
authors:
- family-names: "Bonifácio"
  given-names: "Rodrigo"
  orcid: "https://orcid.org/0000-0002-2380-2829"
- family-names: "Bodden"
  given-names: "Eric"
  orcid: "https://orcid.org/0000-0003-3470-3647"
- family-names: "R. Silva"
  given-names: "João Victor"
- family-names: "R. Silva"
  given-names: "Ingrid Lorraine"
- family-names: "Santos"
  given-names: "Galileu"  
title: "SVFA-Scala: an implementation of SVFA for Java"
version: 0.1.0-SNAPSHOT
date-released: 2022-09-06
url: "https://github.com/rbonifacio/svfa-scala"

GitHub Events

Total
  • Release event: 1
  • Delete event: 1
  • Issue comment event: 2
  • Push event: 12
  • Pull request event: 10
  • Fork event: 1
  • Create event: 6
Last Year
  • Release event: 1
  • Delete event: 1
  • Issue comment event: 2
  • Push event: 12
  • Pull request event: 10
  • Fork event: 1
  • Create event: 6

Committers

Last synced: about 1 year ago

All Time
  • Total Commits: 210
  • Total Committers: 11
  • Avg Commits per committer: 19.091
  • Development Distribution Score (DDS): 0.562
Past Year
  • Commits: 98
  • Committers: 3
  • Avg Commits per committer: 32.667
  • Development Distribution Score (DDS): 0.082
Top Committers
Name | Email | Commits
jose clavo tafur | j****r@g****m | 92
rbonifacio | r****3@g****m | 90
Ingrid Lorraine Rodrigues da Silva | i****1@g****m | 7
João Victor Rodrigues da Silva | v****1@g****m | 6
jose clavo tafur | j****r | 5
rbonifacio | r****o@M****l | 3
Barbosa | m****2@c****r | 2
Galileu Santos | g****s@l****r | 2
Paulo Borba | p****b@c****r | 1
root | r****t@p****n | 1
rafaelmotaalves | r****7@c****r | 1

Issues and Pull Requests

Last synced: 12 months ago

All Time
  • Total issues: 5
  • Total pull requests: 29
  • Average time to close issues: N/A
  • Average time to close pull requests: 22 days
  • Total issue authors: 3
  • Total pull request authors: 7
  • Average comments per issue: 0.2
  • Average comments per pull request: 0.1
  • Merged pull requests: 13
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 0
  • Pull requests: 8
  • Average time to close issues: N/A
  • Average time to close pull requests: 11 days
  • Issue authors: 0
  • Pull request authors: 1
  • Average comments per issue: 0
  • Average comments per pull request: 0.25
  • Merged pull requests: 3
  • Bot issues: 0
  • Bot pull requests: 0
Top Authors
Issue Authors
  • rbonifacio (3)
  • mengjianwei12345 (1)
  • barbosamaatheus (1)
Pull Request Authors
  • Jclavo (21)
  • galilasmb (5)
  • joao-victor-silva (5)
  • barbosamaatheus (2)
  • luisamaralh (1)
  • lorrainesilva (1)
  • rafaelmotaalves (1)
Top Labels
Issue Labels
  • bug (3)
Pull Request Labels
  • bug (5)
  • enhancement (1)