starlordphr/Secure_Code_Analysis

Secure Code Analysis

Problem Description:

Implement a plugin that statically checks whether a program follows secure coding techniques.

Methodology:

Input: Source Code (Java)
Output: Secure Coding Warnings

We will use Google's Error-Prone tool for creating our own secure checker. We will be using selected secure coding practices from "CERT Java Secure Coding.pdf" for our project.
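As an illustration of what such a checker looks like (an added example, not code from this repository), the following Error-Prone `BugChecker` flags `new java.util.Random(...)` and points to `SecureRandom`. The choice of CERT rule MSC02-J ("Generate strong random numbers") and the class name `InsecureRandomCheck` are assumptions made for the example; the README does not say which CERT rules the project selected.

```java
import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
import static com.google.errorprone.matchers.Matchers.constructor;

import com.google.auto.service.AutoService;
import com.google.errorprone.BugPattern;
import com.google.errorprone.VisitorState;
import com.google.errorprone.bugpatterns.BugChecker;
import com.google.errorprone.bugpatterns.BugChecker.NewClassTreeMatcher;
import com.google.errorprone.fixes.SuggestedFix;
import com.google.errorprone.matchers.Description;
import com.google.errorprone.matchers.Matcher;
import com.sun.source.tree.ExpressionTree;
import com.sun.source.tree.NewClassTree;

/** Hypothetical check for CERT MSC02-J: warn on java.util.Random construction. */
@AutoService(BugChecker.class) // lets Error-Prone discover the plugin via ServiceLoader
@BugPattern(
    name = "InsecureRandom",
    summary = "java.util.Random is predictable; use java.security.SecureRandom"
        + " for security-sensitive values (CERT MSC02-J)",
    severity = WARNING)
public class InsecureRandomCheck extends BugChecker implements NewClassTreeMatcher {

  // Matches constructors declared on java.util.Random itself, so
  // `new SecureRandom()` (a subclass with its own constructors) is not flagged.
  private static final Matcher<ExpressionTree> NEW_RANDOM =
      constructor().forClass("java.util.Random");

  @Override
  public Description matchNewClass(NewClassTree tree, VisitorState state) {
    if (!NEW_RANDOM.matches(tree, state)) {
      return Description.NO_MATCH;
    }
    // Only the no-argument form can be rewritten mechanically:
    // SecureRandom has no (long seed) constructor, so `new Random(seed)`
    // gets a warning without an automatic fix.
    if (tree.getArguments().isEmpty()) {
      return describeMatch(
          tree, SuggestedFix.replace(tree.getIdentifier(), "java.security.SecureRandom"));
    }
    return describeMatch(tree);
  }
}
```

Built as a plugin and placed on the compiler's annotation processor path, as in the Gradle plugin example linked under Important Links, the check reports a compile-time warning at each matching `new Random(...)` expression.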

Evaluation:

We will run the secure coding analysis on the source code of some open source projects.

Important Links:

  1. Error-Prone Main Page: http://errorprone.info/

  2. Custom Check using plugin: https://github.com/google/error-prone/tree/master/examples/plugin/gradle

  3. Concrete Example of a Custom Check (The Syntax Tree Stuff :P): https://github.com/google/error-prone/blob/master/examples/plugin/gradle/sample_plugin/src/main/java/com/google/errorprone/sample/MyCustomCheck.java

About

Detect violations of secure coding techniques using the abstract syntax tree in Java
