search

secure-software-engineering / secucheck

Soot-based taint analysis with internal Java fluent interface for security specifications in fluentTQL implemented with MagpieBridge to support multiple IDEs.
MIT License
16 stars 7 forks source link

How do i run the demo project. #5

Open dyd1024 opened 2 years ago

dyd1024 commented 2 years ago

When I run secucheck-cmd.jar at the command line following the readme file, I can't find the path "/secucheck/catalog/" and the path "\SC-1.1.0\secucheck-catalog\", can you help me?

ranjithkris commented 2 years ago

Hi,

secucheck/catalog is a project created by us, which contains some of the demo projects and the respective fluentTQL taintflow specifications. Therefore, if you want to run secucheck on these demo projects you need to clone the secucheck-catalog project. Below is the link to the secucheck-catalog repository. I have provided the link to v1.1.0 version of secucheck-catalog. However, based on the secucheck version that you use, I recommend you to use the respective secucheck-catalog version.

After you clone the secucheck-catalog repository, then give the path of the demo project that you want analyze to the secucheck through the configuration file.

https://github.com/secure-software-engineering/secucheck-catalog/tree/v1.1.0

Thanks, Ranjith

dyd1024 commented 2 years ago

Thank you very much!