how to get potentially or actually executable of vuln. code when scan source code? #590
Comments
If you run the Steady CLI via However, I would generally recommend using Steady's Maven plugin where possible. The invocation and configuration are much easier.
Thanks for your reply. I understand how to set
If the project you're analyzing has a
Question
How to get potentially or actually executable vuln. code when scanning pom.xml, and where do I need to put the source code?
To Reproduce
Analyzed project: ch.qos.logback : logback-classic : 1.1.11
Pom.xml from: https://repo1.maven.org/maven2/ch/qos/logback/logback-classic/1.1.11/logback-classic-1.1.11.pom
and I put pom.xml in the ../app path
Same info in steady-custom.properties
vulas.core.appContext.group = ch.qos.logback
vulas.core.appContext.artifact = logback-classic
vulas.core.appContext.version = 1.1.11
vulas.core.app.appPrefixes = logback-classic
vulas.core.app.sourceDir = app
vulas.core.uploadEnabled = true
vulas.reach.wala.callgraph.reflection = NO_FLOW_TO_CASTS_NO_METHOD_INVOKE
vulas.reach.timeout = 120
vulas.core.instr.sourceDir =
vulas.core.instr.targetDir = vulas/target
vulas.core.instr.includeDir = vulas/include
vulas.core.instr.libDir = vulas/lib
vulas.core.instr.instrumentorsChoosen = org.eclipse.steady.java.monitor.trace.SingleTraceInstrumentor
vulas.core.instr.searchRecursive = true
Commands that I use
sudo java -Xms2048m -Xmx2048m -jar steady-cli-3.2.5-jar-with-dependencies.jar -goal app
sudo java -Xms2048m -Xmx2048m -jar steady-cli-3.2.5-jar-with-dependencies.jar -goal a2c
sudo cd app
sudo mvn compile org.eclipse.steady:plugin-maven:3.2.5:prepare-agent
sudo cd ..
sudo java -Xms2048m -Xmx2048m -jar steady-cli-3.2.5-jar-with-dependencies.jar -goal upload
sudo java -Xms2048m -Xmx2048m -jar steady-cli-3.2.5-jar-with-dependencies.jar -goal instr
sudo java -Xms2048m -Xmx2048m -jar steady-cli-3.2.5-jar-with-dependencies.jar -goal upload
sudo java -Xms2048m -Xmx2048m -jar steady-cli-3.2.5-jar-with-dependencies.jar -goal t2c
sudo java -Xms2048m -Xmx2048m -jar steady-cli-3.2.5-jar-with-dependencies.jar -goal upload
sudo java -Xms2048m -Xmx2048m -jar steady-cli-3.2.5-jar-with-dependencies.jar -goal checkcode
sudo java -Xms2048m -Xmx2048m -jar steady-cli-3.2.5-jar-with-dependencies.jar -goal upload
sudo java -Xms2048m -Xmx2048m -jar steady-cli-3.2.5-jar-with-dependencies.jar -goal report