Skip to content

dev-assist

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

dev-assist

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
gradle/wrapper
gradle/wrapper
 
 
src/main
src/main
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 
settings.gradle
settings.gradle
 
 

README.md

Dev-Assist IntelliJ Plugin

Dev-Assist is an IntelliJ IDEA plugin that uses SWAN to detect security-relevant methods (SRMs) that are required when configuring static analysis tools. After automatically detecting SRMs, the plugin can be used to adjust the list of security-relevant methods and also generate the tainit-flow specifications required to run the taint analysis tool SecuCheck.

The plugin works with IntelliJ IDEA 2022.2 and higher.

Plugin Features

The plugin has the following main features which are accessible in the plugin's tool window and from the editor:

  • Detect security-relevant methods in Java programs with SWAN's machine learning approach
  • Update security-relevant methods list using method dialog
    • Import existing SRM list
    • Add new SRMs from the editor
    • Update existing method (SRM labels, data-in/data-out and meta properties)
    • Delete SRMs
    • Filter SRM list
    • Expand/collapse method list
    • Export updated SRM list
  • Generate fluentTQL taint-flow specifications necessary to configure SecuCheck in order to detect vulnerabilities
  • Run SecuCheck and displays results using Qodana

Installation

To install the plugin in IntelliJ IDEA:

  • Download the latest plugin archive file (ZIP or JAR)
  • Open the IDE settings and select Plugins
  • On the Plugins page, click Gear icon and then click Install plugin from disk....
  • Select the Dev-Assist plugin archive file and select OK
  • Click OK to apply the changes.
  • Restart the IDE to complete the installation