Static Analyzer Tool

We have developed a prototype of our static analyzer. Click the ZIP file below to download the tool.

Prerequisites:

  • Python (tested with Python 2.7.17)
  • Python graphviz-0.14.1

HomeScanStaticAnalyserTool.zip

The zip file includes these files. The TestExampleJar includes a JAR that implements sample cryptographic functions.

A Guide to Use the Tool

1) The HomeScan StaticAnalyzer Tool contains HomeScanStaticAnalyzer.jar

To run the tool, use the following command from the tool folder:

# java -jar HomeScanStaticAnalyzer.jar 

2) The tool requires the JAR file of a program as input (click Browse -> select the JAR file). Then click "Find Security API Usage". This produces a list of the classes that use the java.crypto and java.security APIs.

3) Next, select a class for static analysis from the drop-down list of available classes, then click "Start Analysis". This produces the captured domain types of the selected class.

The labelled input parameters of a method are highlighted in dark yellow.

4) In addition to the results in the table, the user can view the generated Java class code of the classes analyzed by the static analyzer, as well as the AST graphs of each method analyzed.
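To cross-check the class list from step 2 without the GUI, the following added example (not part of the HomeScan tool, and not how the tool is known to work) lists the classes in a JAR whose constant pool references security API classes. It assumes the page's "java.crypto" means the javax.crypto package, is written for Python 3, and uses hypothetical function names and a constructed sample JAR.

```python
import io
import struct
import zipfile

# Assumption: the page's "java.crypto" is javax.crypto; JVM names use "/" for ".".
SECURITY_PREFIXES = ("javax/crypto/", "java/security/")
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}  # tag -> payload bytes (JVMS 4.4)

def referenced_classes(data):
    """Return the class names listed in one class file's constant pool."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file")
    pos, idx, utf8, refs = 10, 1, {}, []
    while idx < count:
        tag = data[pos]
        if tag == 1:  # Utf8: u2 length + bytes
            (length,) = struct.unpack_from(">H", data, pos + 1)
            utf8[idx] = data[pos + 3:pos + 3 + length].decode("utf-8", "replace")
            pos += 3 + length
        elif tag in FIXED:
            if tag == 7:  # Class: u2 index of its Utf8 name
                refs.append(struct.unpack_from(">H", data, pos + 1)[0])
            pos += 1 + FIXED[tag]
        else:
            raise ValueError("unknown constant-pool tag %d" % tag)
        idx += 2 if tag in (5, 6) else 1  # Long/Double occupy two slots
    return {utf8[i] for i in refs if i in utf8}

def security_api_usage(jar):
    """Map each class file in the JAR to the security API classes it references."""
    with zipfile.ZipFile(jar) as zf:
        found = {n: sorted(c for c in referenced_classes(zf.read(n))
                           if c.startswith(SECURITY_PREFIXES))
                 for n in zf.namelist() if n.endswith(".class")}
    return {n: used for n, used in found.items() if used}

def constructed_jar():
    """Constructed sample: in-memory JAR of two constant-pool-only class stubs."""
    def stub(*names):  # emits Utf8 #1, Class #2 -> #1, Utf8 #3, Class #4 -> #3, ...
        pool = b"".join(struct.pack(">BH", 1, len(n)) + n.encode()
                        + struct.pack(">BH", 7, 2 * i + 1) for i, n in enumerate(names))
        return struct.pack(">IHHH", 0xCAFEBABE, 0, 52, 2 * len(names) + 1) + pool
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo/Enc.class", stub("demo/Enc", "javax/crypto/Cipher"))
        zf.writestr("demo/Util.class", stub("demo/Util", "java/lang/String"))
    return buf
```

Calling security_api_usage with the path of a real JAR returns the same kind of mapping. Security types that appear only as array types or inside method descriptors have no plain Class entry and are not matched by this sketch.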

Possible Errors:

  • If the AST diagrams are not generated: go to /python in a terminal and run python printDotty.py manually.