antgroup / YASA-EngineLinks
YASA is an open-source static program analysis project. Its core innovation lies in a unified intermediate representation called UAST, designed to support multiple programming languages. Built on top of UAST, YASA provides a highly accurate static analysis framework.
☆167Updated this week
Alternatives and similar repositories for YASA-Engine
Users that are interested in YASA-Engine are comparing it to the libraries listed below
Sorting:
- Auto-generated CodeQL rules for matching CVE vulnerabilities and variants.☆182Updated last year
- This project runs a Model Context Protocol (MCP) server that wraps the CodeQL query server. It enables tools like [Cursor](https://cursor…☆119Updated 7 months ago
- Artifact for ICSE 2023☆50Updated 3 years ago
- ☆25Updated 3 years ago
- ☆29Updated 3 years ago
- Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities☆72Updated last year
- CodeQL zero to hero blog post series challenges☆154Updated last month
- Taint analysis implementation based on Heros and Soot☆45Updated last year
- 《深入理解Semgrep》Finding vulnerabilities with Semgrep.☆57Updated 2 years ago
- a dataflow analysis framework implemented in Go, like soot☆36Updated 3 years ago
- A neurosymbolic framework for vulnerability detection in code☆258Updated 2 weeks ago
- Detecting Flow of Sensitive Data in Mini-Programs with Static Taint Analysis☆80Updated last year
- ☆27Updated last year
- ☆16Updated 2 years ago
- Soot-based taint analysis with internal Java fluent interface for security specifications in fluentTQL implemented with MagpieBridge to s…☆18Updated 9 months ago
- Some test samples for CPG execution logic.☆20Updated last year
- A benchmark to evaluate taint analysis☆28Updated 3 years ago
- Pairing Security Advisories with Vulnerable Functions Using Open-Source LLMs - DIMVA '24☆16Updated last year
- Grammar-based HTTP/2 fuzzer with mutation ability☆47Updated 3 years ago
- ☆24Updated 2 months ago
- ☆43Updated 2 years ago
- SecCodeBench is a benchmark suite focusing on evaluating the security of code generated by large language models (LLMs).☆75Updated last month
- A set of Code-ql/Joern queries to find vulnerabilities☆65Updated 4 years ago
- ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection☆80Updated 2 years ago
- Parser utility to generate ASTs from PHP source code suitable to be processed by Joern.☆36Updated 5 years ago
- [NDSS 2024] ReqsMiner is an innovative fuzzing framework developed to discover previously unexamined inconsistencies in CDN forwarding re…☆23Updated last year
- YASA-UAST is an intermediate representation structure for multi-language program analysis. The UAST-Parser parses code from different pro…☆52Updated this week
- A benchmark for Java gadget chain detecting algorithms.☆13Updated 4 months ago
- Testability Pattern Catalogs for SAST☆31Updated 8 months ago
- AutoSpear☆68Updated last year