-
Notifications
You must be signed in to change notification settings - Fork 7
Plugin Features
For a quick overview of the plugin features and how to use the plugin, check out the video tutorial here: SWAN-Assist Tutorial
The plugin uses a JSON configuration file which stores details about the methods: it contains the method’s fully qualified name, return type, security level as well as the types and CWE categorization assigned to the method. After selecting the file, the method list will be populated. The methods are also marked in the editor with the corresponding icons (sources are green, sanitizers are orange, sinks are red and authentication methods are blue. We can also expand the methods to view the CWEs that are assigned. ).
Filters can be applied to the method list using the options from the Filter popup menu. Filters that are selected are marked with a checkmark. When we want to disable a filter, we simply click on it. The “Clear Filters” option can also be used to disable all selected filters. The filter options that are available include:
- Current class – shows methods that appear in the currently active file. When the active file changes, the list is updated.
- Type/CWE – methods will be filtered based on the types or CWEs that are selected.
- Training Methods – shows methods used to aid the machine learning process that may be present in the configuration file.
- Deleted methods – shows methods that were removed after rerunning SWAN
Double clicking on a method opens the class file in the editor and the method declaration will be brought in focus.
Right clicking on a method will open the popup menu with various options to manage the method. The options available are:
- Update – A dialog appears that can be used to update the categorization for selected the method. The method name tooltip shows the method’s fully qualified name. Using the combo box, other methods can be selected to be updated. The types and CWEs fields, show the categorizations that are already assigned. To assign a category, double click on an item from the Available Categories list; to remove a category, double click on the item in the Selected Category list. At least one type must be selected for a method. To manage the CWEs, click the CWEs radio button and we follow the same steps as before to add or remove CWEs. Assigning CWEs is not mandatory.
- Restore Method – After rerunning SWAN, some methods may no longer be categorized, this option will be available for those methods and can be used to reinstate the method.
- Delete Method – The delete method option removes a method. The selected configuration file will not be affected, the export option will have to be used to get the updated list of methods.
- Properties – Clicking on the Properties option will load a dialog that provides additional information (for example, discovery, comments and other details) stored in the configuration file.
To add new methods, right click anywhere within the method declaration, select SWAN_Assist and then “Add/Update Method”. The add dialog, same as the update dialog, will appear with the method details populated. Select the types/CWEs as described before and click OK to save the method.
After clicking the Suggest Methods button, two methods will be generated that the user will need to classify. A notification will be added to the Event Log. After clicking "View Methods", a dialog will be populated with the new methods that were suggested. To switch between the methods, select the method from the combo box. The methods can only be added to the list when both methods have been classified.
SWAN can be executed for a new project to find methods of interest. After making changes to the initial lust, SWAN can also refreshed to improve classification of methods. To do this, click on the "Load or Rerun" SWAN button in the action bar. In the dialog that appears, the necessary configuration settings such as project JARs, output directory and training JARs need to be selected. A notification will appear in the Event Log indicating that the process has started. When the process finishes, another notification will be shown from which the logs can be viewed and the newly generated configuration file can be loaded.