This repository has been archived by the owner on Nov 10, 2022. It is now read-only.

Multi language taint analysis with 📚LiSA


UniVE-SSV/lisa-joycar-example

 
 


LiSA IOTJoyCar

Running a taint analysis to detect possible cross-language injection vulnerabilities in a sample C++ and Java program using LiSA.

The original code (this folder contains simplified versions of those sources), used as the running example in this paper, is taken from this repository. Specifically, the simplified sources omit debug statements (i.e. printing to console) and the C++ functions used to instruct CodeSonar about sources, sinks and sanitizers.

To execute, use ./gradlew run. As described in the paper, the analysis can generate zero or one warning, depending on whether you consider the function map a sanitizer. Execute ./gradlew run --args="sanitize" to treat it as one. The program will build the CFG representation and execute LiSA inside analysis/<random UUID>, dumping a JSON report and the dot files with the analysis results (where _|_ represents a bottom value, _ represents a clean value and # represents a tainted value). The generated warnings, as well as the folder containing the results, are shown at the end of the log.
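An added illustration, not code from this repository and not LiSA's API: a minimal worklist taint analysis over a constructed five-node CFG, showing how treating map as a sanitizer changes the result from one warning to zero, and how the three abstract values are rendered as _|_, _ and #. The CFG and the names read_axis and set_pwm are assumptions made for the example; only map is named above.

```python
from enum import IntEnum

class Taint(IntEnum):          # three-level chain, ordered so that join == max
    BOTTOM = 0                 # printed as _|_ : no value reaches this point
    CLEAN = 1                  # printed as _
    TAINTED = 2                # printed as #

SYMBOL = {Taint.BOTTOM: "_|_", Taint.CLEAN: "_", Taint.TAINTED: "#"}

# Constructed CFG: node -> (assigned variable, callee, argument variables, successors).
# read_axis and set_pwm are hypothetical names; only map is named in the README.
CFG = {
    0: ("speed", "const", [], [1]),
    1: ("raw", "read_axis", [], [2]),           # source
    2: ("speed", "map", ["raw"], [3]),          # sanitizer only if configured
    3: (None, "set_pwm", ["speed"], [1, 4]),    # sink, then loop back or exit
    4: (None, "exit", [], []),
}
SOURCES, SINKS = {"read_axis"}, {"set_pwm"}

def join(a, b):
    """Pointwise least upper bound of two variable -> Taint maps."""
    return {v: max(a.get(v, Taint.BOTTOM), b.get(v, Taint.BOTTOM)) for v in a.keys() | b.keys()}

def analyze(cfg, sanitizers=frozenset()):
    """Worklist fixpoint; returns (warnings, abstract state on entry to each node)."""
    entry, reached, work, warnings = {n: {} for n in cfg}, {0}, [0], set()
    while work:
        node = work.pop()
        target, callee, args, succs = cfg[node]
        state = entry[node]
        arg = max((state.get(a, Taint.BOTTOM) for a in args), default=Taint.CLEAN)
        if callee in SINKS and arg == Taint.TAINTED:
            warnings.add((node, callee))         # tainted value reaches a sink
        if callee in SOURCES:
            result = Taint.TAINTED
        elif callee in sanitizers:
            result = Taint.CLEAN
        else:
            result = arg                         # taint flows from arguments to result
        out = {**state, target: result} if target else dict(state)
        for succ in succs:
            merged = join(entry[succ], out)
            if merged != entry[succ] or succ not in reached:
                entry[succ], _ = merged, reached.add(succ)
                work.append(succ)
    return sorted(warnings), entry

def render(state):
    """Format one abstract state with the symbols used in the dot files."""
    return {var: SYMBOL[value] for var, value in sorted(state.items())}
```

Calling analyze(CFG) reports the sink at node 3, while analyze(CFG, sanitizers={"map"}) reports nothing; render(entry[3]) shows the per-variable values at the sink in each case.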

Version of LiSA used is 0.1b3.

Languages

  • Java 61.4%
  • ANTLR 37.0%
  • C++ 1.6%