Commit 707382b3 authored by Fawwaz Anugrah Wiradhika Dharmasatya

feat: add readme on how to use

parent 75cc244d
# TA-Static-Code-Analysis
Repository for the final project (Tugas Akhir): Graph-Based Static Code Analysis for Detecting Broken Authentication and Access Control Vulnerabilities
## Requirements
Python 3.10 (the program has only been tested on Python 3.10)
## Usage
1. Install all dependencies by running the following command in the tool's project root:
```sh
pip install -r requirements.txt
```
2. Run the commands in the `Makefile`, or run the tool directly with:
```sh
python src/main.py
```
3. Enter the path to the project folder to be analysed and then, when prompted, the path to the ACL file:
```
Welcome to SCA Tool
V.1.0
Enter the path to the project: tests/dummy
Enter the path to the ACL file: tests/dummy/acl.txt
Is this correct? (y/n):
```
4. Enter `y` if the paths are correct.
5. The tool runs and prints the detection result to the screen. An example result looks like this:
```sh
=====================ANALYSIS RESULT=====================
> Elements that are not contacting ACL:
1. MessageViews.class_delete_message() in tests/dummy\message_view.py
2. MessageViews.class_get_message() in tests/dummy\message_view.py
3. delete_note() in tests/dummy\views.py
4. get_note() in tests/dummy\views.py
> Real ACL Table:
logout: ['admin', 'user']
MessageViews.class_add_message: ['admin', 'user']
MessageViews.class_update_message: ['admin', 'user']
MessageViews.class_delete_message: ['user', 'admin', 'guest']
MessageViews.class_get_message: ['user', 'admin', 'guest']
MessageViews.class_get_logs: ['admin']
add_note: ['admin', 'user']
update_note: ['admin', 'user']
delete_note: ['user', 'admin', 'guest']
get_note: ['user', 'admin', 'guest']
get_logs: ['admin', 'user']
> Potential Broken ACL:
1.MessageViews.class_delete_message | Principal list difference: [guest]
2.MessageViews.class_get_message | Principal list difference: [guest]
3.delete_note | Principal list difference: [guest]
4.get_note | Principal list difference: [guest]
5.get_logs | Principal list difference: [user]
[2024-07-06 16:30:55.189504] Analysis finished in 0.3326 seconds. (generation: 0.277421 seconds, detection: 0.045635 seconds)
```
## Note
For now only tested on Windows and Linux.

Sections of the previous README that this commit removes (shown in the commit's left-hand column):

## Example for Joern
```sh
cd src/lib
./src/lib/joern/joern --script src/lib/scripts/gen_cfg.sc --param """codeFiles=FileParser.py"""
```
## Note
For now only tested on Windows and Linux.
Regex to find uncommented print statement
```sh
^\s*print\(.*\)|^[^#\n]*print\(.*\)
```
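Review bot: the new README drops the old "Example for Joern" section (`./src/lib/joern/joern --script src/lib/scripts/gen_cfg.sc --param """codeFiles=FileParser.py"""`) without saying whether `python src/main.py` now runs Joern itself or whether the CFG still has to be generated by hand, so a reader cannot tell if Joern must be installed separately. Either state that main.py handles it (the result line reports "generation: 0.277421 seconds", which suggests it does) or keep the Joern step as a subsection of the usage instructions. Two more gaps in the usage section: the ACL file the tool prompts for (`tests/dummy/acl.txt`) is required input but its format is never described, and "Principal list difference: [guest]" is not explained (which table is compared with which, and whether the listed principal is extra in the code or missing from it); one sentence each would do. Minor: "testes" should read "tested", and the sample output mixes path separators (`tests/dummy\message_view.py`), worth normalising if results are meant to be compared across the two supported OSes. Dropping the print-statement regex is fine: its first alternative `^\s*print\(.*\)` is already matched by the second `^[^#\n]*print\(.*\)`.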
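The usage section above shows the two reports the tool prints but not how they are derived. The following is an added example, not the project's own code, that rebuilds a miniature version of both reports with only the standard library. Everything it assumes is its own: a hypothetical `@acl('role', ...)` decorator is what it means by an element "contacting ACL", the ACL file format `name: ['role', ...]` is taken from the shape of the "Real ACL Table" output, and "Principal list difference" is read as the roles the code allows beyond the ACL file (with roles the file grants but the code lacks reported separately as "missing"). The sample module and ACL file are constructed to mirror the names in the output above.

```python
"""Miniature re-implementation (added example, not the project's code) of the
"not contacting ACL" and "Potential Broken ACL" reports, using only `ast`.

Assumptions that are NOT from the page:
  * an element "contacts ACL" when it carries a hypothetical decorator
    `@acl('role', ...)`; elements without it are reported as not contacting ACL
  * the ACL file has one `name: ['role', ...]` line per element, the same
    shape as the "Real ACL Table" the tool prints
  * "extra" principals are roles the code allows but the ACL file does not
    (over-privilege); "missing" are roles the file grants but the code lacks
"""
import ast
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample project module (names mirror the tool's sample output).
SAMPLE_SOURCE = '''
class MessageViews:
    @acl('admin', 'user')
    def class_add_message(self): ...

    @acl('user', 'admin', 'guest')
    def class_delete_message(self): ...

@acl('admin', 'user')
def add_note(): ...

def delete_note(): ...          # no ACL decorator at all

@acl('admin')
def logout(): ...

@acl('admin', 'user')
def get_logs(): ...
'''

# Constructed ACL file: the principals each element is *supposed* to allow.
SAMPLE_ACL_FILE = """\
MessageViews.class_add_message: ['admin', 'user']
MessageViews.class_delete_message: ['admin', 'user']
add_note: ['admin', 'user']
delete_note: ['admin', 'user']
logout: ['admin', 'user']
get_logs: ['admin']
"""


def parse_acl_file(text: str) -> Dict[str, Set[str]]:
    """Parse `name: ['a', 'b']` lines into {name: set_of_roles}.
    literal_eval accepts Python literals only, so a hostile ACL file cannot
    execute code here; anything that is not a list of strings is rejected."""
    table: Dict[str, Set[str]] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if ":" not in line:
            raise ValueError(f"acl line {lineno}: expected 'name: [...]'")
        name, roles = line.split(":", 1)
        parsed = ast.literal_eval(roles.strip())
        if not isinstance(parsed, list) or not all(isinstance(r, str) for r in parsed):
            raise ValueError(f"acl line {lineno}: roles must be a list of strings")
        table[name.strip()] = set(parsed)
    return table


def _acl_roles(func: ast.FunctionDef) -> Optional[Set[str]]:
    """Roles named in an @acl(...) decorator, or None when the function has none."""
    for dec in func.decorator_list:
        if isinstance(dec, ast.Call) and isinstance(dec.func, ast.Name) and dec.func.id == "acl":
            return {a.value for a in dec.args
                    if isinstance(a, ast.Constant) and isinstance(a.value, str)}
    return None


def extract_real_acl(source: str) -> Tuple[List[str], Dict[str, Set[str]]]:
    """Walk module-level functions and class methods (skipping __init__, which
    the project's own checklist says is not checked by default) and return
    (elements not contacting ACL, real ACL table built from the decorators)."""
    unprotected: List[str] = []
    real: Dict[str, Set[str]] = {}

    def record(func: ast.FunctionDef, qualname: str) -> None:
        roles = _acl_roles(func)
        if roles is None:
            unprotected.append(qualname)
        else:
            real[qualname] = roles

    for node in ast.parse(source).body:
        if isinstance(node, ast.FunctionDef):
            record(node, node.name)
        elif isinstance(node, ast.ClassDef):
            for item in node.body:
                if isinstance(item, ast.FunctionDef) and item.name != "__init__":
                    record(item, f"{node.name}.{item.name}")
    return unprotected, real


def find_broken_acl(declared: Dict[str, Set[str]],
                    real: Dict[str, Set[str]]) -> Dict[str, Dict[str, List[str]]]:
    """Compare the code's real ACL with the declared ACL file, element by element."""
    broken: Dict[str, Dict[str, List[str]]] = {}
    for name, roles in real.items():
        if name not in declared:
            continue  # nothing declared to compare against
        extra = sorted(roles - declared[name])     # over-privilege: the access-control bug
        missing = sorted(declared[name] - roles)   # under-privilege: a functional gap
        if extra or missing:
            broken[name] = {"extra": extra, "missing": missing}
    return broken


def analyse(source: str = SAMPLE_SOURCE, acl_text: str = SAMPLE_ACL_FILE) -> dict:
    unprotected, real = extract_real_acl(source)
    return {"unprotected": unprotected, "real": real,
            "broken": find_broken_acl(parse_acl_file(acl_text), real)}


if __name__ == "__main__":
    result = analyse()
    print("> Elements that are not contacting ACL:")
    for i, name in enumerate(result["unprotected"], 1):
        print(f"{i}. {name}()")
    print("> Potential Broken ACL:")
    for i, (name, diff) in enumerate(result["broken"].items(), 1):
        print(f"{i}.{name} | Principal list difference: {diff['extra']} missing: {diff['missing']}")
```

Run it as a script to get output in the same two-part layout as the tool. Separating "extra" from "missing" is deliberate: only extra principals are an access-control weakness, whereas a missing principal is a broken feature, and the tool's single "difference" list does not tell the reader which case a finding is.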
Developer checklist (translated from Indonesian; `(V)` appears to mark a case that has already been tested):

- NoCheck cases, already tested:
  function (V)
  class:
  - function (V)
  module:
  - function (V)
  - class (V)
  - class > function (V)
- Do services get hit by nocheck?
  services -> nocheck
  function (V)
  class: (V)
  - function (V)
  module: (V)
  - function (V)
  - class (V)
  - class > function (V)
  nocheck -> services
  function (V)
  class: (V)
  - function (V)
  module: (V)
  - function (V)
  - class (V)
  - class > function (V)
- By default, do not check __init__ (V)
TODO
- check when the class is stored in a variable (V) -> only when the class is called directly (one assignment, not yet transitive)
- acl together with services?
  services -> acl
  acl -> services
  nocheck -> acl
  acl -> nocheck
  services -> services
  nocheck -> nocheck
  acl -> acl
- services inside services (module -> function)
- handle remaining duplicate annotation
TODO: handle paths with spaces
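Review bot: the open item "handle paths with spaces" directly affects the usage the README documents, where the project and ACL paths are typed at an interactive prompt; until it is fixed the README should tell users to avoid such paths. Likewise, the two analysis limits recorded here (`__init__` is not checked by default, and a class held in a variable is only followed through one direct assignment, not transitively) are what a user needs to know to interpret a missing finding, so they belong in the README's Note section, not only in this checklist.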