Skip to content

testable-eu/sast-tp-framework

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

246 Commits
.github/workflows
.github/workflows
 
 
.vscode
.vscode
 
 
SAST @ 60bed85
SAST @ 60bed85
 
 
discovery/joern
discovery/joern
 
 
docs
docs
 
 
qualitytests
qualitytests
 
 
scripts
scripts
 
 
testability_patterns @ 1902cf1
testability_patterns @ 1902cf1
 
 
tp_framework
tp_framework
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
config.py
config.py
 
 
docker-compose-dev.yml
docker-compose-dev.yml
 
 
docker-compose-tests.yml
docker-compose-tests.yml
 
 
docker-compose.yml
docker-compose.yml
 
 
example.env
example.env
 
 
pytest.ini
pytest.ini
 
 
requirements-dev.txt
requirements-dev.txt
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 

Repository files navigation

TP-Framework: Testability Pattern Framework for SAST

Python Generic badge License

TP-Framework relies on testability patterns to reduce false positive/negative rate in SAST analysis over supported programming languages. Testability patterns are code patterns that make difficult for SAST tools to detect a vulnerability.

TP-Framework enables operations such as:

  • measurement of SAST tools against a catalog of testability patterns, and
  • discovery of testability patterns within application source code

In the future, we aim to enable patterns' transformations from the framework to improve the testability of the application to be scanned via SAST.

OWASP Project: This project has a OWASP website available at: https://owasp.org/www-project-testability-patterns-for-web-applications/.

Quick Start

Concepts

How to

Testability Patterns

So far, we have created a catalog of testability patterns for the following programming languages:

  • Java
  • PHP
  • JavaScript

The complete list of patterns is available at Testability Patterns for SAST repository (also included as a submodule of this project .\testability_patterns).

Running

After following the installation instructions, you can run the TP-Framework with docker:

$ docker-compose up --build
$ docker-compose run -d --name <CONTAINER_NAME> tp-framework
$ docker exec -it <CONTAINER_NAME> bash

Then, run the following command inside the docker container to see the CLI options.

tpframework -h

Documentation

Detailed documentation is available in the docs folder. Also, a related publication presented at NDSS 2022 is available here.

Contributions

You can contribute to this repository through bug-reports, bug-fixes, new code or new documentation. For any report, please raise an issue in the repository before submitting a PR. We welcome suggestions and feedback from the community.

Publications

To see the complete list publications, please visit https://testable.eu/publications/.

News

Follow us on Twitter on @Testable_EU or check out TESTABLE website available at https://testable.eu/.

License

This project is licensed under Apache License Version 2.0 . See LICENSE for more information.

Acknowledgements

This project received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No. 101019206.


Funded by the European Union

About

TP-Framework: Testability Pattern Framework for SAST

owasp.org/www-project-testability-patterns-for-web-applications/

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

11 stars

Watchers

4 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 7

Languages