This PR adds support for creating reachables slices for Java applications.

Prerequisites

- The target repo must contain a BOM generated with the `--deep` and `-o bom.json` arguments. The bom file must be called bom.json and must be present in the target repo.

Steps

- Run the `reachables` command. The resulting slice has a property called "reachables", which is an array of `flows` and `purls`, as shown in the sample test results below.

Sample invocation:
https://github.com/AppThreat/atom/blob/feature/reachable-slice/.github/workflows/repotests.yml#L77

- [ ] The performance for this slicing must be in between usages and data-flow slicing.
- [ ] The line number and purl information must be correct.

Known issues

- [ ] A small number of line numbers for method parameter and method nodes are incorrect due to bugs in javaparser when dealing with comments that include HTML tags.

Sample test results

- https://github.com/HooliCorp/java-sec-code: reachables.json.txt
- https://github.com/OWASP-Benchmark/BenchmarkJava: reachables.tar.gz
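The two checklist items above (purl information correct, line numbers correct) are exactly what a consumer of a reachables slice should verify before trusting it. The script below is an added example, not code from the atom project or this PR: it cross-checks a slice against the bom.json it was built from and then maps purls of interest to the application-code location where each reaching flow starts. Only the "reachables", "flows" and "purls" keys come from the PR description; the per-node fields ("fullName", "parentFileName", "lineNumber"), the CycloneDX "components[].purl" layout, and both sample documents are assumptions constructed for this example.

```python
"""Validate an atom reachables slice against the bom.json it was built from.

Added example (not part of atom). The "reachables" / "flows" / "purls" keys
are from the PR description; every other field name and both sample inputs
are assumptions constructed for this example.
"""
import json
from collections import defaultdict

# Constructed sample bom.json (CycloneDX), trimmed to what this check reads.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"purl": "pkg:maven/org.example/webapp@1.0.0"},
        {"purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8"},
    ],
})

# Constructed sample slice: one clean flow, one application node with a broken
# line number (the javaparser issue noted above), one purl absent from the BOM.
SAMPLE_SLICE = json.dumps({
    "reachables": [
        {
            "flows": [
                {"fullName": "com.example.Controller.load",
                 "parentFileName": "src/main/java/com/example/Controller.java",
                 "lineNumber": 42},
                {"fullName": "com.fasterxml.jackson.databind.ObjectMapper.readValue",
                 "parentFileName": "", "lineNumber": -1},
            ],
            "purls": ["pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8"],
        },
        {
            "flows": [
                {"fullName": "com.example.Util.parse",
                 "parentFileName": "src/main/java/com/example/Util.java",
                 "lineNumber": -1},
            ],
            "purls": ["pkg:maven/org.example/missing@0.1"],
        },
    ],
})


def load_bom_purls(bom_text):
    """Return the set of component purls in a CycloneDX bom.json (assumed layout)."""
    bom = json.loads(bom_text)
    return {c["purl"] for c in bom.get("components", []) if c.get("purl")}


def is_app_node(node):
    """Heuristic: a flow node that names a source file belongs to the scanned
    application, so the slice should carry a real line number for it."""
    fname = node.get("parentFileName") or ""
    return fname not in ("", "<empty>", "<unknown>")


def validate_slice(slice_text, bom_text):
    """Cross-check a reachables slice against bom.json.

    Returns reachable_purls (every purl some flow reaches), unknown_purls
    (purls the BOM does not list) and bad_line_nodes (application nodes whose
    lineNumber is missing or below 1).
    """
    slice_doc = json.loads(slice_text)
    known = load_bom_purls(bom_text)
    reachable, unknown, bad_nodes = set(), set(), []
    for entry in slice_doc.get("reachables", []):
        for purl in entry.get("purls", []):
            reachable.add(purl)
            if purl not in known:
                unknown.add(purl)
        for node in entry.get("flows", []):
            line = node.get("lineNumber")
            if is_app_node(node) and not (isinstance(line, int) and line >= 1):
                bad_nodes.append(f'{node.get("parentFileName")}:{line} {node.get("fullName")}')
    return {"reachable_purls": sorted(reachable),
            "unknown_purls": sorted(unknown),
            "bad_line_nodes": bad_nodes}


def reachable_sinks(slice_text, purls_of_interest):
    """Map each purl of interest to the first application-code node of every
    flow that reaches it, i.e. where review or a fix should start."""
    slice_doc = json.loads(slice_text)
    wanted = set(purls_of_interest)
    hits = defaultdict(list)
    for entry in slice_doc.get("reachables", []):
        matched = wanted.intersection(entry.get("purls", []))
        app_nodes = [n for n in entry.get("flows", []) if is_app_node(n)]
        if not matched or not app_nodes:
            continue
        first = app_nodes[0]
        loc = f'{first["parentFileName"]}:{first.get("lineNumber")} {first.get("fullName")}'
        for purl in matched:
            hits[purl].append(loc)
    return dict(hits)


if __name__ == "__main__":
    print(json.dumps(validate_slice(SAMPLE_SLICE, SAMPLE_BOM), indent=2))
    print(reachable_sinks(SAMPLE_SLICE,
                          ["pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8"]))
```

Against a real run, replace the two constructed strings with the contents of bom.json and the reachables slice; a non-empty `unknown_purls` means the purl data is wrong or the slice was built against a different BOM, and `bad_line_nodes` surfaces the nodes hit by the javaparser line-number issue.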