|
1 | | -# assistMOIS |
2 | | -IntelliJ IDEA Plug-in for the tool MOIS (Methods of interest for security) |
| 1 | +# SWAN_Assist |
| 2 | +IntelliJ IDEA Plug-in for the Security methods for WeAkNess detection (SWAN) tool. |
3 | 3 |
|
4 | 4 | Description: |
5 | 5 | ------------- |
6 | | -MOIS (/mwa/ security) is a machine-learning approach for detection of methods of interest for security in Java libraries. |
7 | | -MOIS should be used in combination with other static analyses tools. It helps the users to create a set of relevant methods required as an input for static analyses, e.g. taint- and type-state analysis. |
8 | | -MOIS detects four types of methods: source, sink, sanitizer, and authentication method. |
9 | | -The found methods are further cathegorized according to relevant vulnerabilities (Common Weakness Enummeration - CWE). Curretntly MOIS supports the following CWEs: CWE89, CWE79, CWE306, CWE862, and CWE863. |
10 | | - |
11 | | -AssistMOIS provides a GUI support for MOIS. The user is able to interact with the learning process by giving feedback on the methods of interest. |
12 | | -The tool helps users that write static analyses to create list of MOIS for their specific Java libraries. |
13 | | -Moreover, users can manually inspect the proper usage of the methods detected by MOIS. |
| 6 | +SWAN is a machine-learning approach for detection of methods of interest for security in Java libraries. |
| 7 | +SWAN should be used in combination with other static analyses tools. It helps the users to create a set of relevant methods required as an input for static analyses, e.g. taint- and type-state analysis. |
| 8 | +SWAN detects four types of methods: source, sink, sanitizer, and authentication method. |
| 9 | +The found methods are further cathegorized according to relevant vulnerabilities (Common Weakness Enummeration - CWE). Curretntly SWAN supports the following CWEs: CWE89, CWE79, CWE306, CWE862, and CWE863. |
14 | 10 |
|
| 11 | +SWAN_Assist provides a GUI support for SWAN. The user is able to interact with the learning process by giving feedback on the methods of interest. |
| 12 | +The tool helps users that write static analyses to create list of SWAN for their specific Java libraries. |
| 13 | +Moreover, users can manually inspect the proper usage of the methods detected by SWAN. |
15 | 14 |
|
16 | 15 | Contributors: |
17 | 16 | * Goran Piskachev (goran.piskachev@iem.fraunhofer.de) |
18 | 17 | * Oshando Johnson (oshando@campus.uni-paderborn.de) |
19 | 18 | * Lisa Nguyen (lisa.nguyen@uni-paderborn.de) |
20 | 19 |
|
| 20 | +## Setting Up the Plugin |
| 21 | + |
| 22 | +Import the project using either of the following methods: |
| 23 | +##### Cloning Project from the Repository |
| 24 | +1) Select the *File>Project from Version Control>Git* option, enter the repository’s URL and then select *Clone* to import the project. |
| 25 | +2) Go to *File>Project Structure* to edit the project settings. |
| 26 | + 3) For the project's SDK, select the *IntelliJ IDEA IU-** option. |
| 27 | + 4) Select *Modules* from the left panel and use the *Add* button to add a new project module. In the window that appears, select *IntelliJ Platform Plugin* from the left panel and select *OK*. Select a name for the module and ensure that the *Content Root* and *Module File Location* point to the project's root folder and select *Finish*. If a default module was generated while importing the project, you can remove it. |
| 28 | + 5) Select Libraries from the left panel, select the *Add* button and select Java. Select the ``/libs`` folder in the window that appears and select *Open*. |
| 29 | + |
| 30 | +##### Downloading and Importing Project |
| 31 | +1) Download the project from Github and then use the *File>Project from Existing Resources* from the menu to import the project. Select the downloaded project's root folder and select *Open*. |
| 32 | +2) Select the option to *Create Project from existing sources* and then proceed. |
| 33 | +3) At the step to select the project's source files, deselect the ``test-project/src`` entry, if it was automatically selected. The project libraries will be automatically detected and a module will also be created. |
| 34 | +4) Validate that the project was imported correctly and the module was correctly created. If there are issues, follow the steps in step 2 in the above section. |
| 35 | + |
| 36 | +## Running the Plugin |
| 37 | +To run the plugin, select the *Run Configuration* drop down menu and select *Edit Configurations*. Ensure that the module that was created previously is selected and press Ok. You should now be able to run the project. |
| 38 | + |
| 39 | +A separate instance of IntelliJ will be launched. Use the open option to select the project found in ``/example-project`` directory. You may need to setup a project SDK for the project if one isn’t automatically configured. You should then be able to run the test project. |
| 40 | + |
| 41 | +Logs for the plugin will appear in the initial instance of IntelliJ. |
| 42 | + |
| 43 | +## Building the Plugin |
| 44 | +To build the plugin, select the "Prepare Plugin Module '...' For Deployment" option from the Build menu. This will generate the a zip file that contains the plugin's jars and resources in the project's root directory. |
| 45 | + |
| 46 | +## Installing the Plugin |
| 47 | +To install the plugin, go Preferences and select "Plugins" from the sidebar. Select the "Install Plugin from disk" button, locate the plugin file and select it. You will need to restart IntelliJ for the plugin to work. |
21 | 48 |
|
22 | 49 | Contact: |
23 | 50 | ------------- |
|
0 commit comments