dasca
DASCA combines dynamic and static techniques for analysing code for finding security (i.e., vulnerabilities), safety, or reliability problems.
Science Score: 13.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
○CITATION.cff file
-
○codemeta.json file
-
○.zenodo.json file
-
✓DOI references
Found 4 DOI reference(s) in README -
○Academic publication links
-
○Academic email domains
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (14.8%) to scientific vocabulary
Keywords
Repository
DASCA combines dynamic and static techniques for analysing code for finding security (i.e., vulnerabilities), safety, or reliability problems.
Basic Info
Statistics
- Stars: 4
- Watchers: 6
- Forks: 2
- Open Issues: 0
- Releases: 0
Topics
Metadata Files
README.md
DASCA
Installation
Prerequisites
- Java 8 (Java 9 or later is currently not supported)
- Eclipse Oxygen, including the following additional packages:
- From the Eclipse Marketplace:
- The Plug-in Development Environment (PDE)
- JavaScript Development Tools (JSDT)
- Gradle Integration (Buildship)
- From the Scala IDE Update Site
- Scala IDE and Scalatest Runner (the latter is optional)
- The native libraries and the JNI packages for CVC3.
On a Debian-based Linux system, you need to install the package
libcvc3-5-jni. CVC3 is only required for the sub-projectcom.logicalhacking.dasca.dataflowand the corresponding tests.
Note, if you install the Eclipse for Java EE Developers, you should get a version that includes already PDE, JSDT, and Buildship. Thus, you only need to add the Scala IDE.
Checkout
The repository can be cloned as usual:
sh
git clone https://git.logicalhacking.com/DASCA/DASCA.git
Note, if you authorized to access the confidential test cases of DASCA, you can obtain them by executing
sh
git submodule update --init --recursive
Configuration (optional)
The dataflow analysis can be configured in various ways in the
com.logicalhacking.dasca.dataflow/config/main.config file. Most importantly,
if you experience problems or want to optimize the performance (e.g., by
analyzing the programs based on a different Java version), you might need to
configure the location of the Java JDK. The JDK used as part of the static
analysis is configured in the file
com.logicalhacking.dasca.dataflow/config/main.config, e.g.
sh
cd DASCA/
echo "java_runtime_dir = <PATH-TO-JDK>" >> ./com.logicalhacking.dasca.dataflow/config/main.config
Don't forget to adjust the path to the Java JDK accordingly, i.e.,
the <PATH-TO-JDK> should point to the directory containing the file
rt.lib.
How to Compile
First check that the variable JAVA_HOME is configured correctly, to ensure
that Java 8 is used, e.g.:
sh
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
export PATH=$JAVA_HOME/bin:$PATH
The project can be compiled using gradle
sh
./gradlew clean assemble test
Import into Eclipse
All projects can be imported into a (fresh) Eclipse workspace
using File -> Import -> Gradle -> Existing Gradle Projects:
- Select the
DASCAfolder as source for the import - Import all offered projects
Team
Main contact: Achim D. Brucker
Contributors
- Thomas Deuster
- Michael Herzberg
- Tim Herres
License
This project is licensed under the Eclipse Public License 2.0.
SPDX-License-Identifier: EPL-2.0
Master Repository
The master git repository for this project is hosted by the Software Assurance & Security Research Team at https://git.logicalhacking.com/DASCA/DASCA.
Publications
- Achim D. Brucker and Michael Herzberg. On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache Cordova Nation. In International Symposium on Engineering Secure Software and Systems (ESSoS). Lecture Notes in Computer Science (9639), pages 72-88, Springer-Verlag, 2016. https://www.brucker.ch/bibliography/abstract/brucker.ea-cordova-security-2016 doi: 10.1007/978-3-319-30806-7_5
Owner
- Name: Software Assurance & Security Research Team
- Login: logicalhacking
- Kind: organization
- Email: adbrucker@0x5f.org
- Location: Exeter, UK
- Website: https://logicalhacking.com
- Twitter: logicalhacking
- Repositories: 6
- Profile: https://github.com/logicalhacking
Git mirror of the Software Assurance & Security Research Team at the University of Exeter, UK. The team is headed by Achim D. Brucker (@adbrucker).
GitHub Events
Total
Last Year
Issues and Pull Requests
Last synced: 6 months ago
All Time
- Total issues: 0
- Total pull requests: 0
- Average time to close issues: N/A
- Average time to close pull requests: N/A
- Total issue authors: 0
- Total pull request authors: 0
- Average comments per issue: 0
- Average comments per pull request: 0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0
Past Year
- Issues: 0
- Pull requests: 0
- Average time to close issues: N/A
- Average time to close pull requests: N/A
- Issue authors: 0
- Pull request authors: 0
- Average comments per issue: 0
- Average comments per pull request: 0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0
Top Authors
Issue Authors
Pull Request Authors
Top Labels
Issue Labels
Pull Request Labels
Dependencies
- de.undercouch:gradle-download-task 3.4.3 compile
- org.eclipse.jdt:org.eclipse.jdt.core 3.15.0 compile
- org.eclipse.platform:org.eclipse.core.contenttype 3.7.100 compile
- org.eclipse.platform:org.eclipse.core.jobs 3.10.100 compile
- org.eclipse.platform:org.eclipse.core.resources 3.13.100 compile
- org.eclipse.platform:org.eclipse.core.runtime 3.15.0 compile
- org.eclipse.platform:org.eclipse.equinox.common 3.10.100 compile
- org.eclipse.platform:org.eclipse.equinox.preferences 3.7.200 compile
- org.eclipse.platform:org.eclipse.osgi 3.13.100 compile
- org.eclipse.platform:org.eclipse.osgi.services 3.7.100 compile