Tutorial


If you are just getting started with LAPSE, the following steps are recommended:


1. Open LAPSE views in Eclipse

Click Window | Show View | Other in the Eclipse workbench:



Select all LAPSE views and open them. Also open all projects that you want to scan for vulnerabilities. Make sure that the projects you are interested in are properly configured and compile without errors: compilation errors will prevent LAPSE from finding all potential vulnerabilities.

2. Vulnerability Source View

Find vulnerability sources by clicking on the little error icon in the source view:



3. Vulnerability Sink View

Find vulnerability sinks by clicking on the little error icon in the sink view:



4. Provenance Tracker View

Highlight the variable whose origin you want to find, then click on the lookup icon in the provenance tracker view to initiate a backward propagation search. Perform backward propagation from vulnerability sinks to find unsanitized source-sink paths. The screenshot below shows how the value of variable appOid propagates from the result of a call to commands.get(2) as well as an array element args[1]. As with the source and sink views, clicking on individual lines will take you to the relevant place in the application code.
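
To make the idea of backward propagation concrete, here is a small model of it, added as an illustration; it is not LAPSE's code or algorithm. The assignment facts, line numbers, the query string and the sanitize() helper are constructed assumptions, and the model considers every assignment to a variable regardless of statement order.

```python
import re

# Constructed def-use facts for one Java method: (line, assigned variable, operands).
# An operand is either another local variable or a terminal expression.
ASSIGNMENTS = [
    (10, "appOid", ["commands.get(2)"]),
    (12, "appOid", ["args[1]"]),
    (15, "prefix", ['"SELECT name FROM apps WHERE oid = "']),
    (16, "query", ["prefix", "appOid"]),      # query reaches a sink, e.g. executeQuery(query)
    (18, "safeOid", ["sanitize(appOid)"]),    # sanitize() is a hypothetical sanitizer
    (19, "audit", ['"lookup "', "safeOid"]),
]
SANITIZERS = {"sanitize"}

def classify(expr):
    """Label a terminal expression where backward propagation stops."""
    if re.fullmatch(r'"[^"]*"|\d+', expr):
        return "constant"
    call = re.fullmatch(r"(\w+)\(.*\)", expr)
    if call and call.group(1) in SANITIZERS:
        return "sanitized"
    return "unsanitized"  # anything else needs review as a possible source

def trace_back(var, assignments, trail=(), seen=frozenset()):
    """Follow every definition of var backwards; return (kind, origin, lines) tuples."""
    defined = {target for _, target, _ in assignments}
    seen = seen | {var}  # guards against cycles such as x = x + y
    found = []
    for line, target, operands in assignments:
        if target != var:
            continue
        for op in operands:
            if op not in defined:
                found.append((classify(op), op, trail + (line,)))
            elif op not in seen:
                found += trace_back(op, assignments, trail + (line,), seen)
    return found

def unsanitized_paths(sink_arg, assignments=ASSIGNMENTS):
    """Origins that reach sink_arg without passing through a sanitizer."""
    return sorted((origin, lines) for kind, origin, lines
                  in trace_back(sink_arg, assignments) if kind == "unsanitized")

if __name__ == "__main__":
    for origin, lines in unsanitized_paths("query"):
        print(f"query <- {origin} via lines {lines}")
```

Starting from query, the trace ends at both commands.get(2) and args[1], while audit yields no unsanitized path because its only non-constant input passes through the sanitizer.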