SWAN Weakness Detector

SWAN is a machine-learning approach for detection of methods of interest for security in Java libraries.

License:
GroupId: de.upb.cs.swt
ArtifactId: swan_core
Last Version: 1.3.0
Release Date:
Type: jar
Description: SWAN Weakness Detector. SWAN is a machine-learning approach for detection of methods of interest for security in Java libraries.
Project URL: https://github.com/secure-software-engineering/swan
Source Code Management: https://github.com/secure-software-engineering/swan


How to add to project

Maven:

<!-- https://jarcasting.com/artifacts/de.upb.cs.swt/swan_core/ -->
<dependency>
    <groupId>de.upb.cs.swt</groupId>
    <artifactId>swan_core</artifactId>
    <version>1.3.0</version>
</dependency>

Gradle (Groovy DSL):

// https://jarcasting.com/artifacts/de.upb.cs.swt/swan_core/
implementation 'de.upb.cs.swt:swan_core:1.3.0'

Gradle (Kotlin DSL):

// https://jarcasting.com/artifacts/de.upb.cs.swt/swan_core/
implementation ("de.upb.cs.swt:swan_core:1.3.0")

Buildr:

'de.upb.cs.swt:swan_core:jar:1.3.0'

Ivy:

<dependency org="de.upb.cs.swt" name="swan_core" rev="1.3.0">
  <artifact name="swan_core" type="jar" />
</dependency>

Groovy Grape:

@Grapes(
@Grab(group='de.upb.cs.swt', module='swan_core', version='1.3.0')
)

SBT:

libraryDependencies += "de.upb.cs.swt" % "swan_core" % "1.3.0"

Leiningen:

[de.upb.cs.swt/swan_core "1.3.0"]

Dependencies

compile (3)

Group / Artifact                            Type   Version
ca.mcgill.sable : soot                      jar    3.2.0
nz.ac.waikato.cms.weka : weka-stable        jar    3.6.9
com.googlecode.json-simple : json-simple    jar    1.1.1

Project Modules

There are no modules declared in this project.

swan

Security methods for WeAkNess detection

Description:

SWAN is a machine-learning approach for detection of methods of interest for security in Java libraries. SWAN should be used in combination with other static analysis tools. It helps users create the set of relevant methods required as input for static analyses, e.g. taint and typestate analysis. SWAN detects four types of methods: source, sink, sanitizer, and authentication method. The methods found are further categorized according to relevant vulnerabilities (Common Weakness Enumeration - CWE). Currently SWAN supports the following CWEs: CWE78, CWE79, CWE89, CWE306, CWE601, CWE862, and CWE863.

SWAN_Assist provides GUI support for SWAN. The user is able to interact with the learning process by giving feedback on the methods of interest. The tool helps users who write static analyses to create a list of SWAN for their specific Java libraries. Moreover, users can manually inspect the proper usage of the methods detected by SWAN.

Contributors:

Contact:

Goran Piskachev (Fraunhofer IEM, Zukunftsmeile 1, 33102 Paderborn)

de.upb.cs.swt

Secure Software Engineering Group at Paderborn University and Fraunhofer IEM

Versions

Version
1.3.0
1.2.1
1.2.0
1.1.0
1.0.0