GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → arguslab → Argus Saf

arguslab / Argus Saf

Licence: apache-2.0
Argus static analysis framework

Programming Languages

scala
5932 projects

Labels

androidsecuritystatic-analysis

Projects that are alternatives of or similar to Argus Saf

Unimport
A linter, formatter for finding and removing unused import statements.
Stars: ✭ 96 (-17.95%)
Mutual labels:  static-analysis
Sast Scan
Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
Stars: ✭ 104 (-11.11%)
Mutual labels:  static-analysis
Abaplint
Standalone linter for ABAP
Stars: ✭ 111 (-5.13%)
Mutual labels:  static-analysis
Squealer
Telling tales on you for leaking secrets!
Stars: ✭ 97 (-17.09%)
Mutual labels:  static-analysis
Crab
CoRnucopia of ABstractions: a library for building abstract interpretation-based analyses
Stars: ✭ 102 (-12.82%)
Mutual labels:  static-analysis
Phpstan
PHP Static Analysis Tool - discover bugs in your code without running it!
Stars: ✭ 10,534 (+8903.42%)
Mutual labels:  static-analysis
Amdh
Android Mobile Device Hardening
Stars: ✭ 95 (-18.8%)
Mutual labels:  static-analysis
Php Cs Fixer
A tool to automatically fix PHP Coding Standards issues
Stars: ✭ 10,709 (+9052.99%)
Mutual labels:  static-analysis
Bap
Binary Analysis Platform
Stars: ✭ 1,385 (+1083.76%)
Mutual labels:  static-analysis
Haxe Checkstyle
Haxe Checkstyle
Stars: ✭ 110 (-5.98%)
Mutual labels:  static-analysis
Awesome Golang Security
Awesome Golang Security resources 🕶🔐
Stars: ✭ 1,355 (+1058.12%)
Mutual labels:  static-analysis
Panopticon
A libre cross-platform disassembler.
Stars: ✭ 1,376 (+1076.07%)
Mutual labels:  static-analysis
Analyzer
🔍 Offline Analyzer for extracting features, artifacts and IoCs from Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more
Stars: ✭ 108 (-7.69%)
Mutual labels:  static-analysis
Phpstan Drupal
Extension for PHPStan to allow analysis of Drupal code.
Stars: ✭ 97 (-17.09%)
Mutual labels:  static-analysis
Java Disassembler
The Java Disassembler
Stars: ✭ 114 (-2.56%)
Mutual labels:  static-analysis
Jpacman Framework
Pacman-inspired game, for teaching testing purposes.
Stars: ✭ 95 (-18.8%)
Mutual labels:  static-analysis
Gopherci
GopherCI was a project to help you maintain high-quality Go projects, by checking each GitHub Pull Request, for backward incompatible changes, and a suite of other third party static analysis tools.
Stars: ✭ 105 (-10.26%)
Mutual labels:  static-analysis
Config Lint
Command line tool to validate configuration files
Stars: ✭ 118 (+0.85%)
Mutual labels:  static-analysis
Setup Php
GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and various tools.
Stars: ✭ 1,945 (+1562.39%)
Mutual labels:  static-analysis
Stingray
IDAPython plugin for finding function strings recursively
Stars: ✭ 110 (-5.98%)
Mutual labels:  static-analysis
View All Similar Projects ➔

Argus-SAF: Argus static analysis framework

License Download Build Status Codacy Badge Codacy Badge

This is official reporitory for the Argus-SAF.

For test and play with Argus-SAF, you can fork from our Argus-SAF-playground project, which have the basic setup for a Argus-SAF enhanced project with demo codes of how to perform different kind of analysis.

Repository structure

Argus-SAF/
+--src/main/scala/org.argus.saf/Main.scala     Main class for argus-saf CLI.
+--jawa         Core static analysis data structures, "*.class"&"*.jawa" file managing, jawa compiler, class hierarchy, method body resolving, flow analysis, etc.
+--amandroid    Android resource parsers, information collector, decompiler, environment method builder, flow analysis, etc.
+--jnsaf        Java native interface analysis.
+--nativedroid  Annotation based analysis using angr symbolic execution engine.

Obtaining Argus-SAF as library

Depend on Jawa Maven Central by editing build.sbt:

libraryDependencies += "com.github.arguslab" %% "jawa" % VERSION

Depend on Amandroid Maven Central by editing build.sbt:

libraryDependencies += "com.github.arguslab" %% "amandroid" % VERSION

Note that: Depend on Amandroid will automatically add Jawa as dependency. If you use Maven or Gradle, you should translate it to corresponding format.

Obtaining Argus-SAF CLI Tool

Requirement: Java 10

  1. Click Download
  2. Download argus-saf_***-version-assembly.jar
  3. Get usage by:
$ java -jar argus-saf_***-version-assembly.jar

Developing Argus-SAF

In order to take part in Argus-SAF development, you need to:

  1. Install the following software:

    • IntelliJ IDEA 14 or higher with compatible version of Scala plugin

  2. Fork this repository and clone it to your computer

$ git clone https://github.com/arguslab/Argus-SAF.git

  1. Open IntelliJ IDEA, select File -> New -> Project from existing sources (if from initial window: Import Project), point to the directory where Argus-SAF repository is and then import it as SBT project.

  2. When importing is finished, go to Argus-SAF repo directory and run

$ git checkout .idea

in order to get artifacts and run configurations for IDEA project.

  1. [Optional] To build Argus-SAF more smooth you should give 2GB of the heap size to the compiler process.

    • if you use Scala Compile Server (default): Settings > Languages & Frameworks > Scala Compile Server > JVM maximum heap size

    • if Scala Compile Server is disabled: Settings > Build, Execution, Deployment > Compiler > Build process heap size

  2. Build Argus-SAF from command line: go to Argus-SAF repo directory and run

$ tools/bin/sbt clean compile test
  1. Generate fat jar: go to Argus-SAF repo directory and run
$ tools/bin/sbt assembly

Install JN-Saf with NativeDroid

Install JN-Saf and NativeDroid:

$ tools/scripts/install.sh

You can install either one by:

$ tools/scripts/install.sh jnsaf
$ tools/scripts/install.sh nativedroid

Run BenchMark Test

After install JN-Saf and NativeDroid. Run:

$ tools/scripts/benchmark_cli.sh droidbench
$ tools/scripts/benchmark_cli.sh iccbench
$ tools/scripts/benchmark_cli.sh nativeflowbench

Launch JN-SAF for native analysis

  1. Install nativedroid:
$ tools/scripts/install.sh nativedroid
  1. Start nativedroid server:
$ python nativedroid/nativedroid/server/native_droid_server.py /tmp/binaries nativedroid/nativedroid/data/sourceAndSinks/NativeSourcesAndSinks.txt nativedroid/data/sourceAndSinks/TaintSourcesAndSinks.txt
  1. Use NativeDroidClient.scala to communicate with the nativedroid server to perform native analysis.

Troubleshooting:

  1. If python code in Intellij shows unresolved imports, you should manually import the nativedroid folder as a python module and set Python SDK. Recommend to use a python virtualenv to install nativedroid with it's required python packages.

Bazel build

Bazel integration in progress. Ignore all the BUILD files for now.

How to contribute

To contribute to the Argus-SAF, please send us a pull request from your fork of this repository!

For more information on building and developing Argus-SAF, please also check out our guidelines for contributing. People who provided excellent ideas are listed in contributor.

What to contribute

If you don't know what to contribute, you can checkout the issue tracker with help wanted label, and claim one to help yourself warm up with Argus-SAF.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].