- Java 8 (Java 9 or later is currently not supported)
- Eclipse Oxygen, including the following additional packages:
  - From the Eclipse Marketplace:
    - The Plug-in Development Environment (PDE)
    - JavaScript Development Tools (JSDT)
    - Gradle Integration (Buildship)
  - From the Scala IDE Update Site
- The native libraries and the JNI packages for CVC3.
  On a Debian-based Linux system, you need to install the package
  `libcvc3-5-jni`. CVC3 is only required for the sub-project
  `com.logicalhacking.dasca.dataflow` and the corresponding tests.
Note: if you install Eclipse for Java EE Developers, you should get a version that already includes PDE, JSDT, and Buildship. Thus, you only need to add the Scala IDE.
The repository can be cloned as usual:

```
git clone https://git.logicalhacking.com/DASCA/DASCA.git
```

Note: if you are authorized to access the confidential test cases of DASCA, you can obtain them by executing

```
git submodule update --init --recursive
```
The dataflow analysis can be configured in various ways in the
`com.logicalhacking.dasca.dataflow/config/main.config` file. Most importantly,
if you experience problems or want to optimize the performance (e.g., by
analyzing the programs based on a different Java version), you might need to
configure the location of the Java JDK. The JDK used as part of the static
analysis is configured in the file
`com.logicalhacking.dasca.dataflow/config/main.config`, e.g.:

```
cd DASCA/
echo "java_runtime_dir = <PATH-TO-JDK>" >> ./com.logicalhacking.dasca.dataflow/config/main.config
```

Don't forget to adjust the path to the Java JDK accordingly, i.e.,
the `<PATH-TO-JDK>` should point to the directory containing the file
`rt.lib`.
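Because the `echo ... >>` command above appends a line each time it is run, repeating the setup leaves several `java_runtime_dir` entries in `main.config`. The following is an added example, not part of the DASCA project: it replaces any existing entry instead of appending and refuses a directory that lacks the runtime file. The function names, the one-setting-per-line file format, and the optional marker argument are assumptions.

```shell
#!/bin/sh
# Added example: set java_runtime_dir in main.config without duplicating it.
# Assumption: the file holds one "key = value" setting per line, as written
# by the echo command in the text above.

# Usage: set_java_runtime_dir CONFIG JDK_DIR [MARKER]
# MARKER is the file that must exist in JDK_DIR (default rt.lib, the file
# named in the text above; the argument itself is a hypothetical convenience).
set_java_runtime_dir() {
    config=$1
    jdk_dir=$2
    marker=${3:-rt.lib}

    if [ ! -f "$config" ]; then
        echo "error: config file not found: $config" >&2
        return 1
    fi
    if [ ! -f "$jdk_dir/$marker" ]; then
        echo "error: $jdk_dir does not contain $marker" >&2
        return 1
    fi

    tmp=$(mktemp) || return 1
    # Keep every other setting, drop all existing java_runtime_dir lines.
    # grep exits 1 when it prints nothing; only a status above 1 is an error.
    grep -v '^[[:space:]]*java_runtime_dir[[:space:]]*=' "$config" > "$tmp" \
        || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    printf 'java_runtime_dir = %s\n' "$jdk_dir" >> "$tmp"
    # Write back through the existing file so its permissions are kept.
    cat "$tmp" > "$config"
    rm -f "$tmp"
}

# Number of java_runtime_dir lines in CONFIG (1 after a successful update).
count_java_runtime_dir() {
    grep -c '^[[:space:]]*java_runtime_dir[[:space:]]*=' "$1" || true
}

# Run as a script: ./set-jdk.sh CONFIG JDK_DIR [MARKER]
if [ "$#" -ge 2 ]; then
    set_java_runtime_dir "$@"
fi
```

From the `DASCA/` directory, the call takes `./com.logicalhacking.dasca.dataflow/config/main.config` as the first argument and `<PATH-TO-JDK>` as the second.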
First check that the variable `JAVA_HOME` is configured correctly, to ensure
that Java 8 is used, e.g.:

```
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
export PATH=$JAVA_HOME/bin:$PATH
```

The project can be compiled using Gradle:

```
./gradlew clean assemble test
```
All projects can be imported into a (fresh) Eclipse workspace
using `File -> Import -> Gradle -> Existing Gradle Projects`:
- Select the `DASCA` folder as source for the import
- Import all offered projects
Main contact: Achim D. Brucker
- Thomas Deuster
- Michael Herzberg
- Tim Herres
This project is licensed under the Eclipse Public License 2.0.
SPDX-License-Identifier: EPL-2.0
The master git repository for this project is hosted by the Software Assurance & Security Research Team at https://git.logicalhacking.com/DASCA/DASCA.
- Achim D. Brucker and Michael Herzberg. On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache Cordova Nation. In International Symposium on Engineering Secure Software and Systems (ESSoS). Lecture Notes in Computer Science (9639), pages 72-88, Springer-Verlag, 2016. https://www.brucker.ch/bibliography/abstract/brucker.ea-cordova-security-2016 doi: 10.1007/978-3-319-30806-7_5