Skip to content
/ CogniCrypt-IntelliJ Public

Static Code Analysis for Crypto-API misuse detection. IDE Plugin for IntelliJ and Android Studio

License

MIT license
1 star 1 fork Branches Tags Activity
Star

secure-software-engineering/CogniCrypt-IntelliJ

BranchesTags

Repository files navigation

CogniCrypt for Android Studio

This repository contains an Android Studio Plugin for CogniCrypt.

Launch Requirements:

  • Android Studio (tested with version 2018.3.6)

Build

Build Requirements
  • IntelliJ 2019.1.3
  • Java Development Kit 8 (either Oracle or OpenJDK will do)

Using JDK 8 currently is a hard requirement. Any version lower or higher will cause a build error. There are two places to make sure the project is built with a specific JDK version:

  1. Open the module settings for icognicrypt (F4) and check if the Project SDK under Project Settings -> Project refers to a JDK 8 version.
  2. Gradle settings: a) Gradle utilized in the IDE's terminal gets its JDK reference through the JAVA_HOME environment variable of the operating system. Change the value of that variable if required and reboot the system for the changes to take effect. You can check the used JDK/JVM by typing gradlew -v. b) When using the IDE's built-in run and debug commands (the buttons in the top toolbar), Gradle uses a JDK version that is specified in the settings of IntelliJ. Open the settings and go to Build, Execution, Deployment -> Build Tools -> Gradle. Edit the Gradle JVM setting as required (suggestion: choose the option: Use Project JDK).

Run gradlew assemble or gradlew build in root directory.

Debug

To enable the debug functionality you need to add a run configuration in IntelliJ.

  1. Click Add Configuration in the top toolbar.
  2. Press the + symbol and add a Gradle build.
  3. As Gradle Project choose icognicrypt from the drop down menu.
  4. Enter :runIde as Task and optionally --info as Argument.
  5. Press Apply and OK

Installation

  1. Open Android Studio installation and go to File > Settings > Plugins and Select the gear icon and Install Plugin from Disk...
  2. Select file build\distributions\icognicrypt-<VERSION>.zip
  3. Restart Android Studio
  4. Download https://github.com/CROSSINGTUD/CryptoAnalysis/releases/download/2.3/CrySL-rulesets.zip and extract it to some folder
  5. Go to File > Settings > Other Settings > CogniCrypt and set the CrySL Rules Directory to /JavaCryptographicArchitecture
  6. To assure you don't recieve any Stackoverflow exceptions while the analysis is processing make sure the available stack size and allocated memory for Android Studio is sufficent.
    Go to Help > Edit custom VM options... and enter the lines -Xmx4g -Xss100m.

Usage

  1. Build your .apk and make sure it successfully produces an .apk file within your project folder.
  2. Go to Analyze > Run CogniCrypt
  3. Wait till analysis process terminates.

Credits

This work is part of the research project "AppSecure.nrw - Security-by-Design of Java-based Applications". The project is funded by the European Regional Development Fund (ERDF-0801379).

AppSecure.nrw Logo

EFRE Logo Ziel2NRW Logo

About

Static Code Analysis for Crypto-API misuse detection. IDE Plugin for IntelliJ and Android Studio

Topics

static-code-analysis intellij-plugin android-studio-plugin security-scanner api-misuse

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

5 watching

Forks

1 fork
Report repository

Releases

1 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages