This is a scala implementation of a framework that builds a sparse-value flow graph using Soot.
- experimental
- clone this repository or download an stable release
- you will need to add a github token to your ~/.gitconfig.
[github] token = TOKEN
- build this project using sbt (
sbt compile test
) - publish the artifact as a JAR file in your m2 repository (
sbt publish
) - create a dependency to the svfa-scala artifact in your maven project.
<dependency>
<groupId>br.unb.cic</groupId>
<artifactId>svfa-scala_2.12</artifactId>
<version>0.0.2-SNAPSHOT</version>
</dependency>
- implement a class that extends the
JSVFA class
(see some examples in the scala tests). you must provide implementations to the following methodsgetEntryPoints()
to set up the "main" methods. This implementation must return a list of Soot methodssootClassPath()
to set up the soot classpath. This implementation must return a stringanalyze(unit)
to identify the type of a node (source, sink, simple node) in the graph; given a statement (soot unit)
This project use some of the FlowDroid test cases. The FlowDroid test cases in src/test/java/securibench
are under LGPL-2.1 license.