CryptoGuard $CVER 04.05.03$

badge Docker Badge Version Badge GitHub Release Downloads

Java Vulnerabilities (by Snyk.io): CryptoGuard Vulnerabilities Python3 Vulnerabilities (by Snyk.io): Python Vulnerabilities

A program analysis tool to find cryptographic misuse in Java and Android.

CryptoSouple.py

This python file is the wrapper created to assist with various portions of the project. You should use it for various commands including:

MyBinder

This is a website hosting a Docker image that actively runs either Java or Python3 samples. The Java Notebook is only possible by utilitzing IJava. This is still under progress as the following are not active yet:

Please run the following command to get more information on how to use it ./cryptosouple.py.

IMPORTANT NOTICE

Building From Source

Prerequisites (Environment Variables)

  1. JAVA_HOME: Point to a valid Java 8 JDK Installation
    • Needed for all of the scans
  2. JAVA7_HOME: Point to a valid Java 7 JDK Installation
    • Needed for project scans and java file scans
  3. ANDROID_SDK_HOME: Point to a valid Android JDK Installation
    • Needed for Android

Note

Different Scanning Options

Source (Maven or Gradle Project Directory only)

Note

If the project have external dependencies then first gather the dependencies under a folder that is relative to the project root (e.g., "build/dependencies").

If you have multiple subprojects with external dependencies, then you have to gather all the corresponding subproject dependencies under a path that is relative to each of the subprojects.

JAR Files

APK Files

Java Files (Currently Unstable, currently limited to Java JDK 8 by library constraint)

Java Class Files (Currently limited to Java JDK 8)

Different Scanning Options

Source/Dependencies options

Output options

Default
Legacy
Scarf XML

Input a single file (list of files)

./samples/testable-jar/src/main/java/tester/UrlFrameWorks.java
./samples/testable-jar/src/main/java/tester/PasswordUtils.java
./samples/testable-jar/src/main/java/tester/Crypto.java
./samples/testable-jar/src/main/java/tester/PBEUsage.java
./samples/testable-jar/src/main/java/tester/NewTestCase2.java
./samples/testable-jar/src/main/java/tester/VeryBusyClass.java
./samples/testable-jar/src/main/java/tester/SymCrypto.java
./samples/testable-jar/src/main/java/tester/NewTestCase1.java
./samples/testable-jar/src/main/java/tester/LiveVarsClass.java
./samples/testable-jar/src/main/java/tester/PassEncryptor.java}

Help

FAQ

Website

Disclaimer

CryptoGuard is a research prototype under GNU General Public License 3.0

Copyright © 2020 CryptoGuard

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 3.0 for more details.

You should have received a copy of the GNU General Public License 3.0 along with this program. If not, see https://www.gnu.org/licenses/gpl-3.0.html.

Reference

If you find this project useful, please cite our CCS'19 CryptoGuard paper and the thesis supporting the latest enhancements from within this fork.

@phdthesis{frantz2020enhancing,
	title={Enhancing CryptoGuard's Deployability for Continuous Software Security Scanning},
	author={Frantz, Miles},
	year={2020},
	school={Virginia Tech}
}