ByteCodeDL
A declarative static analysis tool for JVM bytecode, based on Datalog, in the spirit of CodeQL.
Why ByteCodeDL
The name ByteCodeDL evolved from CodeQL: ByteCode corresponds to Code and DL corresponds to QL. It is a declarative static analysis tool, mainly intended to fill the gap left by CodeQL, which cannot directly analyze bytecode.
This project has two main purposes:
- Teaching: to help you get started with static analysis. This project demonstrates how to implement some static analysis algorithms in Datalog. Compared with imperative static analysis, this approach is much simpler, and once you have learned the basic principles you can write your own rules.
- Improving the efficiency of vulnerability hunting: security researchers generally cannot get the source code. In most cases they can only analyze the Jar package and then read the decompiled code in IDEA, which is relatively inefficient. I hope that the search, call graph analysis and taint analysis functions provided by ByteCodeDL can make vulnerability hunting more efficient for security researchers.
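To show what "declarative" means here, the following is an added Souffle Datalog example, not ByteCodeDL's own rules or fact schema: it builds a call graph and a simple intraprocedural-plus-parameter-passing taint analysis over a few constructed facts. All relation names (Invoke, Assign, ActualParam, FormalParam, Source, Sink) and the method and variable names are assumptions made for this example.

```datalog
// Constructed example; relation names are hypothetical, not ByteCodeDL's schema.
.decl Invoke(caller:symbol, insn:symbol, callee:symbol) // caller contains invocation insn of callee
.decl Assign(meth:symbol, to:symbol, from:symbol)       // local assignment to := from inside meth
.decl ActualParam(insn:symbol, idx:number, var:symbol)  // argument var at position idx of insn
.decl FormalParam(meth:symbol, idx:number, var:symbol)  // parameter var at position idx of meth
.decl Source(meth:symbol, var:symbol)                   // var in meth holds untrusted input
.decl Sink(meth:symbol, idx:number)                     // parameter idx of meth is a dangerous sink

// Sample facts, constructed inline (a fact generator would emit these from bytecode).
Invoke("Servlet.doGet", "i1", "Handler.run").
Invoke("Handler.run", "i2", "Runtime.exec").
ActualParam("i1", 0, "Servlet.doGet/p").
FormalParam("Handler.run", 0, "Handler.run/cmd").
Assign("Handler.run", "Handler.run/c2", "Handler.run/cmd").
ActualParam("i2", 0, "Handler.run/c2").
Source("Servlet.doGet", "Servlet.doGet/p").
Sink("Runtime.exec", 0).

// Call graph: everything transitively invoked from the entry method.
.decl Reachable(meth:symbol)
Reachable("Servlet.doGet").
Reachable(callee) :- Reachable(caller), Invoke(caller, _, callee).

// Taint: seeded by sources, propagated through assignments and argument binding.
.decl Tainted(meth:symbol, var:symbol)
Tainted(m, v) :- Source(m, v).
Tainted(m, to) :- Tainted(m, from), Assign(m, to, from).
Tainted(callee, fv) :- Tainted(caller, av), Invoke(caller, insn, callee),
                       ActualParam(insn, idx, av), FormalParam(callee, idx, fv).

// Finding: a tainted value reaches a sink parameter from reachable code.
.decl TaintedSink(caller:symbol, insn:symbol, sink:symbol)
.output TaintedSink
TaintedSink(caller, insn, sink) :- Reachable(caller), Invoke(caller, insn, sink),
                                   ActualParam(insn, idx, v), Tainted(caller, v),
                                   Sink(sink, idx).
```

Running it with `souffle` yields the single finding `Handler.run i2 Runtime.exec`: the input reaches the sink through the parameter binding at `i1` and the assignment inside `Handler.run`, and each of those rules is one line rather than a hand-written worklist loop.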
Install
- download or build soot-fact-generator.jar
- install Souffle
- install Neo4j
Docker
You can use the Docker setup we built via docker-compose.yml.
Features
Usage
See the docs folder
Support
Problems encountered during use can be reported to us in three ways.
Plugin
- IDEA
- ByteCodeDL helper (BDLH)
- Datalog language plugin: intellij-datalog
Acknowledgement
- Thanks to the two teachers Li Yue and Tan Tian of Nanyang University, who introduced me to the field of static analysis through the program analysis course they offer.
- Thanks to Doop, which provides soot-fact-generator.jar.