Document Links: install / usage / demo / submission

Group project for Software Engineering
Installation:
Navigate to the directory for the installation and install prerequisites:
sudo apt update
- Updates the package index so your system knows the latest versions of software available. Without this, installs may fail or pull outdated versions.
sudo apt install curl
- Provides the curl command-line tool, used to download files or interact with web APIs. It’s often needed for fetching scripts or data (like Joern’s installer).
sudo apt install python3
- Installs the Python interpreter. Everything else depends on this.
sudo apt install python3-tk
- Provides the Tkinter GUI toolkit bindings for Python. This is what our app uses to create windows, buttons, dropdowns, and the canvas.
sudo apt install python3-matplotlib
- Installs Matplotlib, the plotting library used to visualize graphs inside the Tkinter canvas.
sudo apt install python3-pandas
- Installs Pandas, which is used to store and manipulate vulnerability reports.
sudo apt install python3-networkx
- Installs NetworkX, the graph library used to build CFG, CALL, and AST graphs from Joern’s CPG data.
sudo apt install -y openjdk-17-jdk
- Joern is built on the JVM (Java Virtual Machine). Java 17 is needed to run Joern’s CLI tools (joern-parse, joern-export, etc.)
wget https://github.com/joernio/joern/releases/download/v4.0.324/joern-install.sh
- Downloads Joern’s installer script.
sudo chmod +x joern-install.sh
- Makes the installer script executable.
sudo ./joern-install.sh --interactive=false
- Runs the installer in non-interactive mode, so Joern is set up automatically without prompting you.
- Extract joern-cli.zip
- Joern’s CLI tools are packaged in a zip file. Extracting it gives you access to commands, which our app calls to generate the CPG data.
- Now install the vulnerability scanner by downloading the repository zip from GitHub and extracting it:
wget https://github.com/AndCplusplus/cpg_evaluation-SE/archive/main.zip
Note
We have included .c files for testing. They are located in the "codebase" folder.
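The steps above download joern-install.sh and then run it with sudo. As an added example (not part of this project's own instructions), the following shell functions check a downloaded file against a SHA-256 digest you recorded from a copy you reviewed, before it is executed. The function names and the EXPECTED_SHA256 placeholder are assumptions of this example; the page does not publish a digest.

```shell
#!/bin/sh
# Added example: compare a downloaded script with a pinned SHA-256 digest
# before running it as root. EXPECTED_SHA256 is a placeholder, not a real
# digest: record the value from a copy of the installer you have reviewed.
EXPECTED_SHA256="<sha256-of-reviewed-joern-install.sh>"

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        shasum -a 256 < "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 when the input cannot be checked
# (unreadable file, or EXPECTED is not 64 hex characters).
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "verify_sha256: cannot read $file" >&2
        return 2
    fi
    case $expected in
        ''|*[!0-9a-f]*)
            echo "verify_sha256: expected digest is not hex" >&2
            return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "verify_sha256: expected digest must be 64 hex characters" >&2
        return 2
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "verify_sha256: digest mismatch for $file (got $actual)" >&2
    return 1
}

# Usage with the commands from this page (run only when the check passes):
#   verify_sha256 joern-install.sh "$EXPECTED_SHA256" \
#       && sudo ./joern-install.sh --interactive=false
```

With the placeholder left in place the check returns 2 and the installer is not run.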
Usage:
After installing the prerequisites and downloading this repository, run teamten.py in a terminal window:
python3 teamten.py

Once the GUI opens, press the “Upload File” button and select a .c file to upload:

When the file is uploaded, the status bar will display the current file. After your file is loaded, press the “Scan for Vulnerabilities” button to begin the scan.

After the file is scanned for the first time, a CFG graph showing the vulnerabilities is displayed. The table below the graph shows where the vulnerabilities are located, along with their type and severity.

You can then select another type of graph to be displayed for the current file or upload a new file.

Here is a closer look at the table:

