Skip to content

Releases: secure-software-engineering/Boomerang

4.1.0

25 Apr 11:24
@smeyer198 smeyer198
4.1.0
32effa6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.1.0 Latest
Latest

Boomerang 4.1.0 Migration Guide

This guide provides instructions for migrating from Boomerang 4.0.0 to Boomerang 4.1.0. This release introduces a few structural API updates and a major new feature: integration with the OPAL static analysis framework.

Table of Contents

General Changes

Boomerang 4.1.0 includes internal refactorings and a number of breaking API changes aimed at improving clarity and extensibility. Key highlights include:

  • Refactored packages and class organization
  • API method renaming and interface abstraction
  • New OPAL static analysis support

Upgrade to Boomerang 4.1.0

Maven

<dependency>
  <groupId>de.fraunhofer.iem</groupId>
  <artifactId>boomerangPDS</artifactId>
  <version>4.1.0</version>
</dependency>

<dependency>
  <groupId>de.fraunhofer.iem</groupId>
  <artifactId>boomerangScope</artifactId>
  <version>4.1.0</version>
</dependency>

<dependency>
  <groupId>de.fraunhofer.iem</groupId>
  <artifactId>boomerangScope-{your-framework}</artifactId>
  <version>4.1.0</version>
</dependency>

<dependency>
  <groupId>de.fraunhofer.iem</groupId>
  <artifactId>WPDS</artifactId>
  <version>4.1.0</version>
</dependency>

<!-- Optional: for the IDEAL taint analysis PDS -->
<dependency>
  <groupId>de.fraunhofer.iem</groupId>
  <artifactId>idealPDS</artifactId>
  <version>4.1.0</version>
</dependency>

Gradle

 implementation("de.fraunhofer.iem:boomerangPDS:4.1.0")
 implementation("de.fraunhofer.iem:boomerangScope:4.1.0")
 implementation("de.fraunhofer.iem:boomerangScope-{your-framework}:4.1.0")
 implementation("de.fraunhofer.iem:WPDS:4.1.0")
 implementation("de.fraunhofer.iem:idealPDS:4.1.0") //Optional: for the IDEAL taint analysis PDS

OPAL Integration

Boomerang now supports the OPAL static analysis framework. This allows Boomerang to operate on OPAL IR (Intermediate Representation), enabling deeper and more precise analysis capabilities.

Package and Class Refactoring

NoWeight Class Relocated

The NoWeight class, previously a nested class within wpds.impl.Weight, has been moved to its own top-level class within the wpds.impl package.

Version 4.0.0 Version 4.1.0
wpds.impl.Weight.NoWeight wpds.impl.NoWeight

Action Required: Update import statements and usage references to point to the new location.

API Changes

[IdealPDS] Zero and One Identity Weights

In version 4.0.0, identity one and zero transition functions were retrieved using static methods. In version 4.1.0, they are accessed via singleton instance fields in dedicated classes.

Version 4.0.0 Version 4.1.0
typestate.TransitionFunction.one() typestate.TransitionFunctionOne.one()
typestate.TransitionFunction.zero() typestate.TransitionFunctionZero.zero()

Before

TransitionFunction.one();
TransitionFunction.zero();

After

TransitionFunctionOne.one();
TransitionFunctionZero.zero();

[IdealPDS] Transition Function Interface

In IdealPDS 4.1.0, the typestate.TransitionFunction is now an interface, instead of a concrete class. This change improves flexibility and testability in the Boomerang typestate analysis module.

Concrete instances should now be created using the new TransitionFunctionImpl class.

4.0.0 Type 4.1.0 Equivalent
typestate.TransitionFunction typestate.TransitionFunction (interface) + TransitionFunctionImpl (implementation)

Example

Before (4.0.0):

TransitionFunction tf = new TransitionFunction(...);

After (4.1.0):

TransitionFunction tf = new TransitionFunctionImpl(...);

Method Renaming

The method for retrieving the declared method of an invocation expression has been renamed for clarity:

4.0.0 Method 4.1.0 Method
boomerang.scope.InvokeExpr.getMethod() boomerang.scope.InvokeExpr.getDeclaredMethod()

Before (4.0.0)

SootMethod method = invokeExpr.getMethod();

After (4.1.0)

SootMethod method = invokeExpr.getDeclaredMethod();

Summary of Migration Steps

To migrate your project to Boomerang 4.1.0, follow these steps:

  1. Update your project dependency to use version 4.1.0.
  2. Adjust imports:
    • Replace references to wpds.impl.Weight.NoWeight with wpds.impl.NoWeight.
  3. Update API usages:
    • Replace TransitionFunction.one() and zero() with TransitionFunctionOne.one() and TransitionFunctionZero.zero().
    • Replace InvokeExpr.getMethod() with InvokeExpr.getDeclaredMethod().
    • Replace ITransition with the Transition interface and instantiate via TransitionFunctionImpl as needed.
Assets 2
Loading

4.0.0

23 Apr 16:12
@smeyer198 smeyer198
4.0.0
65c5657
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
4.0.0
  • Removed Soot components from Boomerang and IDEal
  • Boomerang and IDEal now run solely on the BoomerangScope (now concrete frameworks are required)
Loading

SPDS 3.2.3

07 Feb 12:37
@smeyer198 smeyer198
3.2.3
0df65ec
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
SPDS 3.2.3
  • Extend scopes with method to extract return types
  • Fix a bug in IDEal where the weights were shfited by one statement
Loading

SPDS 3.2.2

06 Nov 14:42
@smeyer198 smeyer198
3.2.2
ff69898
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
SPDS 3.2.2

-Fix a bug where dataflows in called methods are included in the analysis, although they should be excluded from the analysis

Loading