Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SDT] Taint Analysis for Python code called from Java #105

Draft
wants to merge 73 commits into
base: develop
Choose a base branch
from
Draft

[SDT] Taint Analysis for Python code called from Java #105

wants to merge 73 commits into from

Conversation

barpec12
Copy link

This PR introduces analysis for Python code executed using Jython, a ScriptEngine for calling Python code from Java.

  • Main details
    It bases on the PR for JavaScript analysis made by @timll - JavaScript-Aware Taint Analysis #81.
    The main target of this PR is to detect and run analysis on Python code.

  • Short description
    Opal recognises Python code sent to ScriptEngine.
    It starts the analysis, that is conducted in Python. Its results are returned back to Java and processed by Opal.
    A prototype for analysis of Python code is also provided, but it is simple and incomplete.

  • Further improvements
    This analysis can be later changed to a complete solution like Pysa.
    Unfortunately, currently it is not possible due to incompatible Python versions.
    Jython does not support Python 3.x at the time of making this PR.

errt and others added 30 commits March 5, 2021 17:04
@errt
Improved IFDS analysis, including demos and tests; by Mario Trageser
3b3e206 
Former-commit-id: 7511d576c182b52f5873121e83c5914907f5474e
@errt
Merge branch 'develop' into feature/IDFS-improvements
eb91c75
@buenaventure
Create new project "ll"
31c4c6b
@buenaventure
Add llvm bindings dependency
a26ee83
@TorunR
Merge branch 'develop' into feature/IDFS-improvements
9490098
@buenaventure
Read and dump module
1a3b939
@buenaventure
Begin implementing wrappers
34d4e25
@buenaventure
Read instructions
53da4de
@Diarilex
AndroidEntryPointFinder added
283ef68
@buenaventure
Implement SimplePurityAnalysis which assumes everything to be Impure
c88385a
@TorunR
Merge branch 'develop' into feature/IDFS-improvements
bca47d7
@buenaventure
Implement SimplePurityAnalysis
c87f9ac
@buenaventure
Implement viewCFG
df11561
@buenaventure
Merge pull request opalj#3 from buenaventure/develop
75f01ea 
Update from upstream
@buenaventure
Merge remote-tracking branch 'upstream/develop' into ll
79cf52a
@buenaventure
Add simple multilingual test project
905ad98
@buenaventure
Merge remote-tracking branch 'upstream/develop' into feature/IDFS-imp…
c624d84 
…rovements
@buenaventure
Merge branch 'develop' into ll
bb079fd
@buenaventure
Add taint testcase
9ccee79
@buenaventure
Merge branch 'feature/IDFS-improvements' into ll_multiling_ifds
6ab61f6
@buenaventure
Format code
b99997c
@buenaventure
Adapt new ifds to new call graph (with context)
90c179a
@buenaventure
Add multilingual taint test
a464309
@buenaventure
Extract IFDSProblem(flow functions etc) from IFDSAnalysis
7d00973
@buenaventure
Replace specialized ifds analysis classes with parameter
e3838cf
@buenaventure
WIP
633c377
@buenaventure
WIP
cc84ea1
@buenaventure
WIP
cb4f4f7
@buenaventure
WIP
41d949c
@buenaventure
WIP
0b40422
buenaventure and others added 30 commits May 6, 2022 12:55
@buenaventure
Cleanup
5e9cfaf
@buenaventure
Include llvm dependency using special sbt plugin
16a99ae
@buenaventure
Fix sbt assembly
89c1ff7
@buenaventure
Reverst scalastyle change
89b91ca
@buenaventure
Improve test case
91bae7d
@buenaventure
Fix test
ed4ee71
@buenaventure
Fix wrong flow by adding successor to return flow and checking for ab…
626cce9 
…normal returns
@buenaventure
Fix return flow of native code
f34443b
@buenaventure
Format
7284093
@buenaventure
Add native to java calls to TaintTest
ab242a9
@buenaventure
Fix crashes and old tests
c53aa61
@buenaventure
Add debugData for ifds; Add simple GetElementPointer handling
943d7a1
@buenaventure
Native to Java calls WIP
cb0be34
@buenaventure
Small fixes
d3ab854
@buenaventure
JNI call analysis WIP
b6a2202
@buenaventure
JNI call analysis WIP
e5d34a1
@buenaventure
Merge remote-tracking branch 'upstream/develop' into llvm_xlang_ifds
ec8c05a
@buenaventure
Fix most errors after merge
ad65890
@buenaventure
Fix remaining errors after merge
c050890
@buenaventure
Implement VTA in new IFDS for evaluation
655d22a
@buenaventure
Implement Subsuming and add to evaluation
b844920
@buenaventure
x-lang working in simple case
d43fb11
@t1mlange
Add javascript aware taint analysis
8baacc6
@t1mlange
Add TODOs marking 'things left open' in the code
d10d586
@barpec12
Detect Python code
7c0af3d
@barpec12
Prototype of taint analysis for Python
793ee1d
@barpec12
Documentation of Python module
5c13fd2
@barpec12
Tests description
dd03857
@barpec12
Tests improvement
1c412e5
@barpec12
Comment on adding left addition
319247a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@barpec12 @errt @buenaventure @TorunR @Diarilex @t1mlange