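# --- shell: build the target application ---
# SSH clone URL; the host was obfuscated in the published page and is restored here.
git clone git@github.com:conikeec/tarpit.git
cd tarpit
mvn clean compile
# Download the trial distribution of Ocular, install it, and then start the prompt to begin the investigation.
./ocular.sh

// --- Ocular REPL session from here on ---
// Path of the compiled artifact to analyse; kept in one place so the session is easy to re-point
// at another checkout.
val warPath = "/Users/chetanconikee/demoenv/tarpit/target/servlettarpit.war"
// Builds the code property graph plus the security profile for the artifact. The recorded result
// below shows it returns Option[Cpg]; a None would mean the graph was not built, so check it
// before running the queries further down.
createCpgAndSp(warPath)
// res0: Option[Cpg] = Some(io.shiftleft.codepropertygraph.Cpg@3a183218)
// Lists the loaded CPGs and their overlays; the run below shows all four overlays loaded.
workspace
// res5: Workspace =
// __________________________________________________________________________________________
// | name              | overlays                                                 | loaded|
// |=========================================================================================|
// | servlettarpit.war | semanticcpg(l),dataflow(l),tagging(l),securityprofile(l)| true  |

// CPG is created and loaded to commence investigation.
// NOTE(review): `cpg` is not defined in this session; presumably the loaded graph is bound to that
// name by the workspace — confirm against the Ocular docs.
// Get all sensitive data types classified by the NLP engine.
val sensitiveTypes = getSensitiveUserDefinedTypes(cpg)
// Verify if PII data is leaking on a sensitive channel without obfuscation/redaction.
// The result vals below are named differently from the functions they call: a definition such as
// `val isPIILeaking = isPIILeaking(...)` makes the right-hand side refer to the val being defined
// (a recursive value needing a type) instead of the query function.
val piiLeaking = isPIILeaking(sensitiveTypes)
// Identify if any literals match secret patterns (AWS/Azure keys, JWT tokens, SaaS tokens, etc.).
val tokensLeaking = areTokensLeaking(cpg)
// Identify if any environment or system data that is fetched is leaking.
val envVarsLeaking = areEnvTokensLeaking(cpg)
// Identify if any annotated models are violating compliance constraints.
// NOTE(review): the call is getAnnotatedModels, so this presumably returns the annotated models
// rather than a leak verdict — confirm before treating it as a boolean.
val annotatedModelsLeaking = getAnnotatedModels(cpg)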