[go: nahoru, domu]
Skip to content

PalladioSimulator/Palladio-ReverseEngineering-Retriever-Vulnerability

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

131 Commits
.github
.github
 
 
.mvn
.mvn
 
 
bundles
bundles
 
 
features/org.palladiosimulator.retriever.vulnerability.feature
features/org.palladiosimulator.retriever.vulnerability.feature
 
 
releng
releng
 
 
tests/org.palladiosimulator.retriever.vulnerability.test
tests/org.palladiosimulator.retriever.vulnerability.test
 
 
.gitignore
.gitignore
 
 
.project
.project
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Palladio-ReverseEngineering-SoMoX-Vulnerability

GitHub license GitHub top language

This project implements a Eclipse Plug-In for static security code analysis. The results of the code analysis is done with the help of the Snyk command line interface. Analysis results are annotated to the traced PCM entities. Therefore, a software security analysis is made possible without building a new security model. The annotation is made possible by the Palladio-Addon: ContextConfidentiality-Metamodel. For detailed security information the Snyk vulnerability database is used.

The project was originally implemented within the scope of the practical master course Werkzeuge für Agile Modellierung at the Karlsruhe Institute of Technology. Since then, it has been maintained and improved upon.

Table of contents

Technologies:

The project is built with:

  • Eclipse (Version: 2022-12 (4.26.0))
  • Java 17 (OpenJDK version 17.0.6)
  • Maven (Version: 3.8.6)

Following dependencies exist:

Installation

For the installation and further development of plugins follow these steps:

  1. Clone and import the Palladio-ReverseEngineering-SoMoX-Vulnerability repository git clone https://github.com/FluidTrust/Palladio-ReverseEngineering-SoMoX-Vulnerability.git
  2. Download and install maven download
  3. Change to the project directory and run mvn clean install. The build should be successful.

For launching plugins from Eclipse:

  1. Download and install Eclipse download
  2. Download and install Eclipse PDE (Plug-in Development Environment)
    • Go to Eclipse → Help → Eclipse Marketplace
    • Search and install Eclipse PDE (Plug-in Development Environment)
  3. Download and install the newes Palladio Plugin download
  4. Import the project from the maven_project directory together with the nested projetcs.
  5. Clone and import the ContextConfidentality Metamodel repository git clone https://github.com/FluidTrust/Palladio-Addons-ContextConfidentiality-Metamodel.git

Now it should be possible to launch plugins.

Functionalities

The plugin should be used as adaptor. Use the interface bundle to implement the interface and fill the parameters for analysis. The plugin will process the parameters and return a new PCM where the found security vulnerabilities are annotated.

Tests

Since this projects connects multiple projects which are all well tested, there were only a few tests needed to test the parsers. These tests are well implemented and successful.

To run the tests, a Snyk binary is required. Place it in the bin/ directory.

Further development

  • The Snyk CLI should be changed to the actual Snyk API. Therefore, website and CLI Parsing will no longer be needed.

About

No description, website, or topics provided.

Resources

Readme

License

EPL-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Java 100.0%