Julia Eclipse Plugin User Manual Version 2.7.5


Post on 23-Mar-2020


Introduction

This user guide presents the Eclipse plugin of Julia. Julia is a static analyzer that automatically performs semantic analysis of Java code. The Eclipse plugin allows a user to (i) set up the URL of the Julia Server and her credentials, (ii) select the options of the analysis and run it, and (iii) inspect the results. In addition, this user guide explains step-by-step how to install the plugin.

Installation

First of all, you need to install the plugin by clicking “Help” in the menu bar, and then “Install New Software”. An “Install” panel will appear.

From there, fill the “Work with” text field with the URL “http://static.juliasoft.com/eclipse-plugin/latest/”, then click “Add”, and select a name

After clicking “Ok”, the components of the Julia plugin will appear in the central part of the “Install” panel. Just click “Next” to go ahead with the installation.

Julia Eclipse Plugin User Manual
Copyright © 2019 JuliaSoft. All rights reserved.


Click “Next” in the panel about the install details.

Finally, you have to accept the license and click “Finish” to start the download and installation of the Julia plugin.

At the end of the installation, you will need to restart Eclipse.

Settings

The menu bar will now contain a new menu “Julia”:

- “Analyze with Julia” will open the panel to set up and start the analysis,

- “Show Julia Analysis View” will open in the view panel the Julia Analysis view (see “Accessing the results” for more details),

- “Import Analysis from File” will allow you to load the results of previous analyses saved in a .xml file,


- “Retrieve Analysis from Server...” will allow you to load the results of previous analyses, and

- “Preferences” will open a panel to specify the server and the credentials to run the analysis (see below).

Preferences

First of all, you need to get a user account by registering at https://portal.juliasoft.com (the URL for JuliaOnPremise is shown at the end of the Preferences section). Once you are registered and logged in, you need to:

- get your access and secret key (User Profile → Generate new credentials),

- insert a Solution (Dashboard → Solutions → Insert).


In the “Preferences” panel, you can disable the “Offline mode” in order to specify the URL of the Julia Analyzer (https://portal.juliasoft.com/services/PluginService for the cloud service; the URL for JuliaOnPremise is shown at the end of the Preferences section), your access and secret key, and you can acquire your list of solutions and select one of them. Furthermore, in this panel you can also specify the port number for incoming requests (or let the system choose an available port number), which is only necessary during web view navigation (i.e. flow graphs view).

JuliaOnPremise

The Julia Web Console is reachable by browser, by typing in the URL bar the IP address of the VM with the port 8080 (e.g. 192.168.141.131:8080); the URL of the Julia Analyzer for the Eclipse plugin is composed of the IP address of the VM with the port 8080 and “/services/PluginService” (e.g. http://192.168.141.131:8080/services/PluginService).

Running Julia

You have two ways to run Julia:

1) From the menu bar, click “Julia” and then “Analyze with Julia”

2) Click the Julia icon


When starting the analysis, the “Julia Analysis” wizard will appear. From here, you have to select the projects you want to analyze (left part), the dependencies to include (right part) and the option to include .properties files when launching the analysis. Then you can click “Next”.

The second step lets you choose what entry points the analysis should consider (for more details see the section “Extraction of the application under analysis”), the Julia framework against which the analysis will be done, the processing mode to be used for libraries and finally the way the analysis has to treat assertion statements. Then you can click “Next”.

The third and last step before running the analysis is to select the checkers you want to apply; checkers are represented in a tree view (left part) and many of them have some options (their children). We strongly encourage you to run only the “Basic” checkers by default, and to run more “Advanced” checkers only if needed. Julia’s website contains the exhaustive explanation of all Julia checkers. Once you select a checker, you may choose to select some of its options too (its children in the tree); the right panel will always help you by showing a brief explanation of the currently selected checker/option in the tree. For each option, you can select a specific value (e.g., true or false) through a drop-down menu at the bottom. In the bottom left part you can save or load configurations, i.e., the entry points and checkers the analysis will apply. Finally, the analysis can be launched by clicking “Finish”.


A dialog will tell you how many credits the analysis will cost. If you want to proceed, click “Ok” and the credits will be deducted from your account. Otherwise, click “Cancel” and the credits will not be debited.

During the analysis, you can monitor the status of the analysis in the bottom Julia view. It will become green once the analysis has finished.

You can monitor the progress of the analysis in the console.

Navigating the Results

At the end of the analysis, the view “Julia Analyses” will show the results. In particular, in the left part you can access the list of analyses you ran. Once you have chosen one of them, the central part of the view will display all the warnings in a tree structure. You can then inspect the warnings produced by different checkers, on different packages, etc. If you double-click on a warning, the line of the source code that produced that warning is displayed. Finally, the right part of the Julia analyses panel shows the details of the warning. The Eclipse code editor contains markers on the left bar to identify the code lines that raised a warning. Different colors represent different severities (red for high, yellow for medium, and green for low severity).


You can decide to group the warnings in the central panel of the Julia view in different ways. Just click

and a dialog showing all the grouping possibilities will appear. You can decide the order and the types of categories you want to apply to group warnings.

The warnings will then be displayed with the new grouping in the central panel.

In the context of flow analyses (including the GDPR checker), the rightmost column of the Julia Analyses View lets you navigate analysis flows. After selecting a warning in the tree, you can view its flows by clicking on the “Show” button that appears at the end of the analysis properties; a new dialog will list the flows related to the selected warning, allowing you to open a single graph in a web browser view.


The graph can be explored at the desired level: available levels are Package, Class, Method, Source Line or Statement. This view also lets you reach the line of the source code that a given node of the graph refers to; this can be done by right-clicking on the node itself, only for Line or Statement nodes.

Managing analyses' results

In the left part of the Julia analyses view, you can select among all the analyses you ran. Each time you click on an analysis, the warnings’ tree will be loaded, and the markers will be updated to the ones of the selected analysis. If you right-click the name of the analysis in the left panel, you can “Reload from the server” the analysis’ results. This feature is particularly useful if you exit the IDE while the analysis is running, and you want to load the results later. In addition, from this drop-down menu you can also copy the analysis ID, rename or delete the analysis and open the analysis detail in the Julia Web Console.

You can export the result of the analysis: click and select where to save the .xml file.

You can import the results of a completed analysis through

1) an .xml file by clicking and selecting the file you want to import


2) by clicking “Retrieve Analysis from Server…” from the Julia menu in the menu bar, and then selecting the analysis you want to load from the list of the analyses available on the server for your current “Active Solution”.

The pdf report of the analysis can be downloaded by clicking “Save generated files” and then the report you want to download.

You can manage the markers from the standard Markers Eclipse view (accessible from “Show View” of the Window menu bar). From here, you can also delete a marker. This will be removed from the “Julia Analyses” view as well.

Extraction of the application under analysis

The Julia analyzer computes a set of methods and constructors that are assumed to be callable from the user of the program under analysis. They are called entry points. This means that the static analysis is performed as if the entry points were the only methods that can be called from the user of the code. Of course, if the entry points call other methods, these other methods are analyzed as well, and so on. Julia selects the set of entry points according to three possible alternatives:

1. Only main. With this modality, Julia automatically selects as entry points the main() methods and all methods that override a library method, such as run() methods of threads or equals() methods. This also includes event handlers of Swing or Android. Moreover, entry points explicitly marked as such by the programmer are considered.

2. All public entries. With this modality, Julia automatically selects as entry points those selected with the previous modality, plus all public methods and constructors.

3. All accessible. With this modality, Julia behaves as in the previous modality but assumes that non-final methods can be redefined in subclasses. This allows one to analyze classes that are expected to be subclassed by the user of the code. Note, however, that this reduces the precision of the analysis, since most data flow inferences cannot be performed anymore (the code might change its behavior by subclassing).
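The three modalities applied by hand to a small class, as an added illustration that is not part of the Julia manual. The class `ReportJob` and its methods are hypothetical, and the comments follow the definitions above rather than reproduce actual Julia output.

```java
// Added illustration, not from the Julia manual. ReportJob and its methods
// are hypothetical; comments apply the manual's three definitions by hand.
import java.util.ArrayList;
import java.util.List;

public class ReportJob implements Runnable {
    private final List<String> lines = new ArrayList<>();

    // "Only main": entry point, because it is a main() method.
    // From here add() is only ever reached with a non-null argument.
    public static void main(String[] args) {
        ReportJob job = new ReportJob();
        job.add(args.length > 0 ? args[0] : "empty");
        new Thread(job).start();
    }

    // "Only main": entry point, because it overrides a library method
    // (Runnable.run), like the run() methods of threads in the manual.
    @Override
    public void run() {
        for (String line : lines) {
            System.out.println(render(line));
        }
    }

    // "All public entries": added as an entry point because it is public,
    // so the analysis must also cover outside callers, e.g. add(null).
    public void add(String line) {
        lines.add(normalize(line));
    }

    // Not public, so not added by "All public entries"; reached through add().
    // It is non-final: under "All accessible" a subclass may override it and
    // return null, so "normalize() never returns null" can no longer be inferred.
    protected String normalize(String s) {
        return s == null ? "" : s.trim();
    }

    // private: cannot be called or overridden from outside; analyzed only
    // because run() calls it. s.length() is safe only while every element
    // of 'lines' is non-null, which depends on normalize() above.
    private String render(String s) {
        return "[" + s.length() + "] " + s;
    }
}
```

Moving from the first modality to the third widens what callers and subclasses are assumed to do, which is why the same dereference in `render()` goes from provably safe to uncertain.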

Julia Java Project Wizard

The Eclipse plugin of Julia comes with a project wizard that helps during the creation of a Java project that acts as a container for third-party classes and sources that you would like to put under analysis.


Open the Eclipse “New Wizard” window (Ctrl + N) and select “Julia Java Project” from the list, then click “Next”.

Fill the “Project Name” text and optionally specify a different location for the project, then click “Next”.


Select the folder for classes and optionally the folder for sources; through the “Link classes” and “Link sources” checkboxes you may opt to physically copy classes and/or sources within your project or just link them. Moreover, if your classes and sources come from the same folder, you just have to select “Sources and classes share the same path” once you have entered the classes path. Finally click “Finish”.

If the specified paths really contain the expected resources, you will find the new project within the Eclipse workspace; in this example, the sources folder has been created as a link folder.


Note that projects created through this wizard intentionally have no Java Builder associated; therefore, no compilation phase will ever be involved, letting class files stay unaltered.

Julia Android Project wizard

The Julia plugin also lets you create a particular Eclipse project starting from either an apk file or the Android Studio/Gradle build output; this way it is possible to submit a Julia analysis in typical Android scenarios without the need for the complete development toolchain installed on your machine (i.e. a release from a separate supplier/department).


Open the Eclipse “New Wizard” window (Ctrl + N) and select “Julia Android Project” from the list, then click “Next”.

Fill the “Project Name” text and optionally specify a different location for the project, then click “Next”.


According to the scenario you are facing, you may now choose to specify what you want to analyze in two distinct ways: providing the apk file of your app or specifying the classes folder of the Android build process output. In both these situations you must also specify the framework against which the analysis will be done.

In the first case, once the apk file has been specified, the correct “Framework” is automatically preselected, deriving it from the contained AndroidManifest.xml.

In the second case, you are asked to provide both the path of your classes and the AndroidManifest.xml of the app. Again, once specified, the “Framework” field will be automatically filled. Depending on your needs you are always free to choose a different framework version.

Finally, you can optionally specify the folder for sources; through the “Link sources” checkbox you may opt to physically copy sources within your project or just link them. Finally click “Finish”.

Additional features and tools

Compute Metrics

The Eclipse plugin of Julia provides a utility that lets you obtain some metrics before submitting an analysis, to evaluate in advance the logical and physical source size of your project.


Right click on a project (from the Package Explorer view) and choose Julia, then Compute Metrics.

Requested metrics will soon be visualized in a separate window, ready for your evaluation.

Troubleshooting

When contacting Julia’s support team about a plugin issue, it is advisable to report the following information, in order to get quicker and more precise support:

- Plug-in version and Julia version
- Eclipse error log

Warning

For on-site installations, the plug-in available in the static files folder (available at /static/eclipse-plugin/current/) must be used, since that is the correct version for the installation.

Plug-in and Julia version

The plugin and Julia versions can be viewed from the “Julia” menu in the menu bar, by clicking “About Julia”. Note: the plugin version and the Julia version may differ.

Eclipse error log

In case of an error or warning, the Eclipse plugin of Julia records its possible cause in the Eclipse error log, which is visible in the bottom view panel of Eclipse.


If the error log view is not present, you can open it from the menu bar via “Show View” → “Other”, typing “Error Log” and clicking “Open”.


JuliaSoft is an innovative technology company specialized in advanced code analysis solutions. For more information on the technology and our solutions please visit our website at www.juliasoft.com

For any information please don’t hesitate to contact us:

JULIASOFT SRL
Management and Coordination by Corvallis Holding S.p.A.
Lungadige Galtarossa, 21
37133 Verona, Italy
Tel +39 045 [email protected]

For technical support please write [email protected]
