In this tutorial we show you how to integrate a soot-based analysis into IDEs with MagpieBridge.

The tutorial project can be found on https://github.com/MagpieBridge/Tutorial1.git

1. Create an empty maven project
2. Add dependencies (MagpieBridge, IRConverter and Soot) as specified in this pom.xml
3. Create a main class HelloWorld.java which creates an instance of magpiebridge.core.MagpieServer. The main method should look like this. It adds a magpiebridge.projectservice.java.JavaProjectService and a SimpleServerAnalysis to the server. JavaProjectService is used for resolving source code path and library code path of a Java project.

   Supplier<MagpieServer> createServer = () -> {
      MagpieServer server = new MagpieServer(new ServerConfiguration());
      String language = "java";
      IProjectService javaProjectService = new JavaProjectService();
      server.addProjectService(language, javaProjectService);
      ServerAnalysis myAnalysis = new SimpleServerAnalysis();
      Either<ServerAnalysis, ToolAnalysis> analysis = Either.forLeft(myAnalysis);
      server.addAnalysis(analysis, language);
      return server;
    };
    createServer.get().launchOnStdio();

4. Create a class SimpleTransformer.java which performs a very simple intra-procedural Taint Analysis using soot. The results of the analysis must implement magpiebridge.core.AnalysisResult, see Result.java. The source code position from wala is preserved in each corresponding Jimple Unit in form of Tag. Use the following lines to get the source code position of a Jimple Unit (see usage in TaintAnalyis.java).

    Unit n = ...;
    StmtPositionInfoTag tag = (StmtPositionInfoTag) n.getTag("StmtPositionInfoTag");
    Position stmtPos = tag.getStmtPositionInfo().getStmtPosition();

You can also get precise operand position with tag.getStmtPositionInfo().getOperandPosition(index).

5. Create a class SimpleServerAnalysis.java which implements magpiebridge.core.ServerAnalysis. Use the IRConverter to parse java source code with wala and load application classes into the soot Scene.

    WalaToSootIRConverter converter = new WalaToSootIRConverter(srcPath, libPath, null);
    converter.convert();

If you don't need very precise source code position, you can also just use soot to load all classes (bytecode). However, then you can only get line numbers.

6. In SimpleServerAnalysis.java, add a SimpleTransformer instance to the corresponding soot pack "jtp", for inter-procedural analysis add it to "wjtp". Run the corresponding soot packs.

    Transform transform = new Transform("jtp.analysis", t);
    PackManager.v().getPack("jtp").add(transform);
    PackManager.v().runBodyPacks();

7. Use maven shade plugin to build a jar file, specify HelloWorld as mainClass in the pom.xml.

8. mvn install in the project root.

9. A jar file will be created in the target directory.

10. Use this jar file as langauge server in IDEs.

11. We show how to run this HelloWorld server in Eclipse and Visual Studio Code, configurations for other IDEs or editors can be found here

• Make sure you have Java (tested version: jdk-8u211-windows-x64) and Maven (tested version: apache-maven-3.6.1) installed and they are added to the PATH variable of the operating system. Maven is used to resolve project dependencies. For the DemoProject it is not important, since the project has no external dependecy.
• Make sure you installed lsp4e http://download.eclipse.org/lsp4e/releases/latest/ (if this server doesn't work, try https://download.eclipse.org/lsp4e/releases/latest/) in Eclipse (tested version: eclipse-java-photon-R-win32-x86_64)
• Create a new launch configuration called HelloWorld
• Open Eclipse->Window->Preferences->Language Servers
• Click add -> Text -> Java Source File -> Program -> HelloWord ->OK

12. Now you can test if it works for a demo project.

• Import DemoProject as Maven project in Eclipse.

• Open a Java file in this project, this will trigger the server to run analysis.

• When the analysis finishes, server sends results to Eclipse. In the following screenshot you see a sensitive flow was detected and the sink is underlined,

13. Run the server in Visual Studio Code you need configuration files in the vscode directory

• compile and install Visual Studio Code extension from terminal:

cd PATH\\TO\\vscode
npm install
npm install -g vsce
vsce package
code --install-extension HelloWorld-0.0.2.vsix

• In Visual Studio Code it shows the data-flow path as related information in the warning messsage.