information-flow-analysis

v0.1.5

Information Flow Control library for binaries using angr For more information about how to use this package see README

Latest version published 3 years ago

License: BSD-2-Clause

PyPI

GitHub

Package Health Score

54 / 100

security
Security review needed
popularity
Small
maintenance
Inactive
community
Active

Popularity

Small

GitHub Stars: 7.29K
Forks: 1.04K
Contributors: 240

Direct Usage Popularity

Based on project statistics from the GitHub repository for the PyPI package information-flow-analysis, we found that it has been starred 7,286 times.

Security

Security review needed

Security and license risk for latest version

Release Date: May 30, 2021
Direct Vulnerabilities: 0
C
0
H
0
M
0
L
Indirect Vulnerabilities: 0
C
0
H
0
M
0
L
License Risk: 0
H
2
M
0
L

All security vulnerabilities belong to production dependencies of direct and indirect packages.

License

BSD-2-Clause

Security Policy

Yes

You can connect your project's repository to Snyk to stay up to date on security alerts and receive automatic fix pull requests.

Keep your project free of vulnerabilities with Snyk

Maintenance

Inactive

Commit Frequency

Open Issues: 387
Open PR: 88
Last Release: 3 years ago
Last Commit: 2 months ago

Further analysis of the maintenance status of information-flow-analysis based on released PyPI versions cadence, the repository activity, and other data points determined that its maintenance is Inactive.

An important project maintenance signal to consider for information-flow-analysis is that it hasn't seen any new versions released to PyPI in the past 12 months, and could be considered as a discontinued project, or that which receives low attention from its maintainers.

In the past month we didn't find any pull request activity or change in issues status has been detected for the GitHub repository.

Community

Active

Readme: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 240
Funding: No

A good and healthy external contribution signal for information-flow-analysis project, which invites more than one hundred open source maintainers to collaborate on the repository.

We found a way for you to contribute to the project! Looks like information-flow-analysis is missing a Code of Conduct.

Embed Package Health Score Badge

Keep your project healthy

Check your requirements.txt

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Python Versions Compatibility: Unspecified

Age: 3 years
Latest Release: 3 years ago
Dependencies: 6 Direct / 54 Total
Versions: 6
Maintainers: 1
Wheels: OS Independent

Readme

Binary Information Flow Analysis tool using Angr

Angr_information_flow_analysis is an angr IFC analysis tool for unix binaries.

Install

Install using pip install information-flow-analysis.

Usage of `analyze` Information Flow Analysis object

import angr
import claripy
from information_flow_analysis import analysis

def main():
    proj = angr.Project('implicit3.out', load_options={'auto_load_libs':False})

    sym_arg_size = 15
    arg0 = claripy.BVS('arg0', 8*sym_arg_size)
    state = proj.factory.entry_state(args=['./implicit3.out', arg0])

    high_addrs = [0x4011a6, 0x4011a9]

    ifa = analysis.InformationFlowAnalysis(proj=proj,state=state,start="main",high_addrs=high_addrs)
    ifa.analyze()
    return 0
    
if __name__ == "__main__":
    main()

Usage of `find_explicit_leaks` Information Flow Analysis object

import angr
import claripy
from information_flow_analysis import analysis

def main():
    proj = angr.Project('implicit3.out', load_options={'auto_load_libs':False})

    sym_arg_size = 15
    arg0 = claripy.BVS('arg0', 8*sym_arg_size)
    state = proj.factory.entry_state(args=['./implicit3.out', arg0])

    high_addrs = [0x4011a6, 0x4011a9]

    ifa = analysis.InformationFlowAnalysis(proj=proj,state=state,start="main",high_addrs=high_addrs)
    ifa.find_explicit_leaks()
    return 0
    
if __name__ == "__main__":
    main()

Output relevant graphs

Output CFGS

Use out.cfgs() in order to print all relevant control flow graphs in an seperate /out folder.

An example of this is could be:

import angr
import claripy
from information_flow_analysis import out

def main():
    proj = angr.Project('implicit3.out', load_options={'auto_load_libs':False})

    sym_arg_size = 15
    arg0 = claripy.BVS('arg0', 8*sym_arg_size)
    state = proj.factory.entry_state(args=['./implicit3.out', arg0])

    out.cfgs()
    return 0
    
if __name__ == "__main__":
    main()

Generally you want to look at the cfg_fast.pdf as it contains relevant information about instructions. This CFG is also very relevant in order to locate which high_addrs you will make confidential.

Output all relevant graphs within the `InformationFlowAnalysis` object

Use IFA.draw_everything() in order to print all relevant graphs contained in the IFA-object in an seperate /out folder.

An example of this is could be:

import angr
import claripy
from information_flow_analysis import analysis

def main():
    proj = angr.Project('implicit3.out', load_options={'auto_load_libs':False})

    sym_arg_size = 15
    arg0 = claripy.BVS('arg0', 8*sym_arg_size)
    state = proj.factory.entry_state(args=['./implicit3.out', arg0])

    high_addrs = [0x4011a6, 0x4011a9]

    ifa = analysis.InformationFlowAnalysis(proj=proj,state=state,start="main",high_addrs=high_addrs)
    ifa.draw_everything()
    return 0
    
if __name__ == "__main__":
    main()

This is primarily used to debugging purposes or if you manually want to check for leaks. (NOTE: That you need to supply high_addrs in order to do this)

information-flow-analysis dependencies

angr angr-utils bingraphvis matplotlib networkx pydot

FAQs

What is information-flow-analysis?

Information Flow Control library for binaries using angr. Visit Snyk Advisor to see a full health score report for information-flow-analysis, including popularity, security, maintenance & community analysis.

Is information-flow-analysis popular?

The python package information-flow-analysis receives a total of 58 weekly downloads. As such, information-flow-analysis popularity was classified as small. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is information-flow-analysis well maintained?

We found indications that information-flow-analysis is an Inactive project. See the full package health analysis to learn more about the package maintenance status.

Is information-flow-analysis safe to use?

While scanning the latest version of information-flow-analysis, we found that a security review is needed. A total of 0 vulnerabilities or license issues were detected. See the full security scan results.

Last updated on 26 July-2024, at 16:07 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP