swan-cmd

swan-cmd is the command line interface for the SWAN, a machine-learning approach for detection of methods of interest for security in Java libraries. swan-cmd should be used in combination with other static analyses tools. It helps the users to create a set of relevant methods required as an input for static analyses, e.g. taint- and type-state analysis. SWAN detects four types of methods: source, sink, sanitizer, and authentication method. The found methods are further categorized according to relevant vulnerabilities (Common Weakness Enumeration - CWE). Currently, SWAN supports the following CWEs: CWE78, CWE79, CWE89, CWE306, CWE601, CWE862, and CWE863.

Main contributors:

Goran Piskachev (goran.piskachev@iem.fraunhofer.de)
Lisa Nguyen (lisa.nguyen@uni-paderborn.de)

The initial set of the features based on code information is contribution of Dr. Siegfried Rasthofer and Dr. Steven Arzt.

Contact:

Goran Piskachev (Fraunhofer IEM, Zukunftsmeile 1, 33102 Paderborn, Office: 02-05)

Name		Name	Last commit message	Last commit date
parent directory ..
src		src
LICENSE		LICENSE
README.md		README.md
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

swan-cmd

Contact:

FilesExpand file tree

swan-cmd

Directory actions

More options

Directory actions

More options

Latest commit

History

swan-cmd

Folders and files

parent directory

README.md

swan-cmd

Contact: