Metadata-Version: 1.1
Name: attacksurfacemeter
Version: 0.10.0
Summary: Library for collecting metrics of the attack surface.
Home-page: https://github.com/andymeneely/attack-surface-metrics
Author: Andy Meneely
Author-email: andy@se.rit.edu
License: The MIT License (MIT) Copyright (c) 2016 Andy Meneely
Description: # Attack Surface Meter
        
        [![Latest Version](https://badge.fury.io/py/attacksurfacemeter.svg)](https://badge.fury.io/py/attacksurfacemeter)
        [![Build Status](https://secure.travis-ci.org/andymeneely/attack-surface-metrics.svg?branch=master)](https://travis-ci.org/andymeneely/attack-surface-metrics)
        [![Coverage Status](https://img.shields.io/coveralls/andymeneely/attack-surface-metrics.svg)](https://coveralls.io/r/andymeneely/attack-surface-metrics)
        
        Attack Surface Meter is a Python package for collecting attack surface metrics from a software system. In its current version, Attack Surface Meter is capable of analyzing software systems written in the C programming language with skeletal support for analyzing software systems written in the Java programming language.
        
        The attack surface metrics collected are:
        
         * Proximity to Entry/Exit/Dangerous - The mean of shortest unweighted path length from a function to Entry Points/Exit Points/Dangerous Functions.
         * Risky Walk - The probability that a function will be invoked on a random execution path starting at the attack surface.
        
        ## Installation
        
        ### PyPI
        
         `pip install attacksurfacemeter`
        
        ### Source
        
         `python setup.py install`
        
        ## Usage
        
        ### API
        
        The Attack Surface Meter works off of the call graph representation of a software system. A call graph is parsed by the correponding *loader* to generate an internal representation. In this version, the Attack Surface Meter is capable of parsing the call graph generated by one of the following utilities:
        
         * [GNU cflow](http://www.gnu.org/software/cflow/ "GNU cflow")
         * [GNU gprof](https://sourceware.org/binutils/docs/gprof/ "GNU gprof")
        
        Extending the Attack Surface Meter to analyze a software system written in a programming language other than C or Java would require defining a new *loader* to parse a call graph generated by a particular language-specific utility.
        
        #### Example
        
        The code snippet that follows depicts using the Attack Surface Meter API to analyze the a C program for which a call graph generated by GNU cflow is available.
        
        ```
        import os
        from attacksurfacemeter.call_graph import CallGraph
        from attacksurfacemeter.loaders.cflow_loader import CflowLoader
        
        loader = CflowLoader(os.path.expanduser('~/cflow.callgraph.txt'))
        call_graph = CallGraph.from_loader(loader)
        ```
        
        The `call_graph` object is an instance of the `attacksurfacemeter.call_graph.CallGraph` class and supports several methods to collect the proximity and risky metrics for a given function. For more information on these methods, please refer to the `call_graph.py` file which has all the methods extensively documented using Python documentation comments.
        
        ### Command Line
        
        ```
        usage: attack_surface_meter.py [-h] [-c CFLOW] [--reverse] [-g GPROF]
                                       [-p PROCESSES] [-j JAVACG] [-a [P [P ...]]]
                                       [--output OUTPUT] [--verbose] [--showerrors]
        
        Collect attack surface metrics from the call graph representation of a
        software system.
        
        optional arguments:
          -h, --help       show this help message and exit
          -c CFLOW         Absolute path of the file containing the textual
                           representation of the call graph generated by GNU cflow or
                           of the directory containing the source code of the software
                           system to be analyzed.
          --reverse        cflow call graph was generated with the -r option.
          -g GPROF         Absolute path of the file containing the textual
                           representation of the call graph generated by GNU gprof or
                           of a directory containing multiple such text files.
          -p PROCESSES     Number of processes to spawn when loaded multiple gprof
                           call graph files. Default is 2.
          -j JAVACG        Absolute path of the file containing the textual
                           representation of the call graph generated by java-
                           callgraph.
          -a [P [P ...]]   When using java-callgraph for call graph generation of
                           android apps, specify the fully qualified package name of
                           the method calls that will be included in the call graph.
                           This is generally the name of the java package inside which
                           the app's classes are defined.
          --output OUTPUT  Absolute path of the file to which the output should be
                           written to. The format of output is inferred from the file
                           extension. txt, html, and xml are currently supported. In
                           cases when the output format cannot be inferred, txt is
                           used. When an output path is not specified, standard output
                           is used.
          --verbose        Output itemized report including metric values collected
                           for each function.
          --showerrors     Display errors encountered when parsing call graph (if
                           any).
        ```
        
Platform: UNKNOWN
Classifier: Development Status :: 2 - Pre-Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Science/Research
Classifier: License :: OSI Approved :: MIT License
Classifier: Natural Language :: English
Classifier: Operating System :: Unix
Classifier: Programming Language :: Python :: 3.4
