Michael D. Adams edited this page Sep 20, 2016 · 3 revisions

Tasks and features

  • Dual license MIT and BSD

  • Serialize the Soot global object G into jaam files.

    • Test if "G" contains open handles
    • Serialize "G" last, but add a VM shutdown hook to serialize it on early termination
  • What does the second "a" in "jaam" stand for? "Abstracted"? "Abstracting"? "Abstract"?

  • Get to 100% coverage of the engagement 2 apps

    • Solve the library problem
      • Try turning off global snowflake (@peteyblueeyes)
      • Try doing call-back saturation (@Kraks)
  • Polish up jaam-tool coverage2 (@pdarragh)

  • Evaluate "scallop" for option parsing (@pdarragh)

  • Intercept "main" class from apps

    • Maybe create a jaam file that records the name of the main class

      The workflow would be to create a "start up" jaam file that contains everything needed to analyze the app (e.g., contains all the jar files, points to the main class, etc.). Then the interpreter would take just this jaam file as argument. Thus, when running the analyzer, we don't have to futz around with specifying classpaths or main classes. (We could also have a tool that runs the app based on the jaam file. It might make testing some apps easier.)

      • Tool to intercept calls to java in docker files. (@webyrd)

        Use the "Java Tools" API to add an "agent", either with the JAVA_TOOL_OPTIONS environment variable or with a command-line option to java.

  • Put a Java version check in the header of jaam files

  • Show decompiled code in visualizer

    • Which decompiler? Procyon?
    • Where to do decompiling? Interpreter? Visualizer? Extra tool? (I think the extra tool might be best)
  • Defeat the code obfuscation by the red team

    • Do we know that they will continue doing this?
  • Analyzer

    • I'm blanking on this. To be filled in.
  • Visualizer

    • Put that big list of feature requests here.