{ "info": { "author": "Andy Meneely", "author_email": "andy@se.rit.edu", "bugtrack_url": null, "classifiers": [ "Development Status :: 2 - Pre-Alpha", "Environment :: Console", "Intended Audience :: Developers", "Intended Audience :: Science/Research", "License :: OSI Approved :: MIT License", "Natural Language :: English", "Operating System :: Unix", "Programming Language :: Python :: 3.5" ], "description": "# Attack Surface Meter\n\n[![Latest Version](https://badge.fury.io/py/attacksurfacemeter.svg)](https://badge.fury.io/py/attacksurfacemeter)\n[![Build Status](https://secure.travis-ci.org/andymeneely/attack-surface-metrics.svg?branch=master)](https://travis-ci.org/andymeneely/attack-surface-metrics)\n[![Coverage Status](https://img.shields.io/coveralls/andymeneely/attack-surface-metrics.svg)](https://coveralls.io/r/andymeneely/attack-surface-metrics)\n\nAttack Surface Meter is a Python package for collecting attack surface metrics from a software system. In its current version, Attack Surface Meter is capable of analyzing software systems written in the C programming language with skeletal support for analyzing software systems written in the Java programming language.\n\nThe attack surface metrics collected are:\n\n * Proximity to Entry/Exit/Dangerous - The mean of shortest unweighted path length from a function/file to Entry Points/Exit Points/Dangerous Points.\n * Risky Walk - The probability that a function/file will be invoked on a random execution path starting at the attack surface.\n\n## Installation\n\n### PyPI\n\n `pip install attacksurfacemeter`\n\n### Source\n\n `python setup.py install`\n\n## Usage\n\n### API\n\nThe Attack Surface Meter works off of the call graph representation of a software system. A call graph is parsed by the correponding *loader* to generate an internal representation. In this version, the Attack Surface Meter is capable of parsing the call graph generated by one of the following utilities:\n\n * [GNU cflow](http://www.gnu.org/software/cflow/ \"GNU cflow\")\n * [GNU gprof](https://sourceware.org/binutils/docs/gprof/ \"GNU gprof\")\n\nExtending the Attack Surface Meter to analyze a software system written in a programming language other than C or Java would require defining a new *loader* to parse a call graph generated by a particular language-specific utility.\n\n#### Example\n\nThe code snippet that follows depicts using the Attack Surface Meter API to analyze the a C program for which a call graph generated by GNU cflow is available.\n\n```\nimport os\nfrom attacksurfacemeter.call_graph import CallGraph\nfrom attacksurfacemeter.loaders.cflow_loader import CflowLoader\n\nloader = CflowLoader(os.path.expanduser('~/cflow.callgraph.txt'))\ncall_graph = CallGraph.from_loader(loader)\n```\n\nThe `call_graph` object is an instance of the `attacksurfacemeter.call_graph.CallGraph` class and supports several methods to collect the proximity and risky metrics for a given function/file. For more information on these methods, please refer to the `call_graph.py` file which has all the methods extensively documented using Python documentation comments.\n\n### Command Line\n\n```\nusage: attack_surface_meter.py [-h] [-gr {function,file}] [-c CFLOW]\n [--reverse] [-g GPROF] [-p PROCESSES]\n [-j JAVACG] [-a [P [P ...]]] [--output OUTPUT]\n [--verbose] [--showerrors]\n\nCollect attack surface metrics from the call graph representation of a\nsoftware system.\n\noptional arguments:\n -h, --help show this help message and exit\n -gr {function,file} The granularity at which the call graphs must be\n processed at.\n -c CFLOW Absolute path of the file containing the textual\n representation of the call graph generated by GNU cflow\n or of the directory containing the source code of the\n software system to be analyzed.\n --reverse cflow call graph was generated with the -r option.\n -g GPROF Absolute path of the file containing the textual\n representation of the call graph generated by GNU gprof\n or of a directory containing multiple such text files.\n -p PROCESSES Number of processes to spawn when loaded multiple gprof\n call graph files. Default is 2.\n -j JAVACG Absolute path of the file containing the textual\n representation of the call graph generated by java-\n callgraph.\n -a [P [P ...]] When using java-callgraph for call graph generation of\n android apps, specify the fully qualified package name\n of the method calls that will be included in the call\n graph. This is generally the name of the java package\n inside which the app's classes are defined.\n --output OUTPUT Absolute path of the file to which the output should be\n written to. The format of output is inferred from the\n file extension. txt, html, and xml are currently\n supported. In cases when the output format cannot be\n inferred, txt is used. When an output path is not\n specified, standard output is used.\n --verbose Output itemized report including metric values\n collected for each function/file.\n --showerrors Display errors encountered when parsing call graph (if\n any).\n```", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/andymeneely/attack-surface-metrics", "keywords": null, "license": "The MIT License (MIT) Copyright (c) 2016 Andy Meneely", "maintainer": null, "maintainer_email": null, "name": "attacksurfacemeter", "package_url": "https://pypi.org/project/attacksurfacemeter/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/attacksurfacemeter/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/andymeneely/attack-surface-metrics" }, "release_url": "https://pypi.org/project/attacksurfacemeter/0.11.0/", "requires_dist": null, "requires_python": null, "summary": "Library for collecting metrics of the attack surface.", "version": "0.11.0" }, "last_serial": 2258525, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "cf560678d0a657fe4607c78149132912", "sha256": "4d580a3b77a2d2cc1761f244b741c511fdb69a51196badf16934cd46a024c17a" }, "downloads": -1, "filename": "attacksurfacemeter-0.1.0.tar.gz", "has_sig": false, "md5_digest": "cf560678d0a657fe4607c78149132912", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 24599, "upload_time": "2015-03-06T00:46:22", "url": "https://files.pythonhosted.org/packages/6c/cc/a07c8f812e1d95581653b079c50ff84b0e9309e424c917203f3a84895968/attacksurfacemeter-0.1.0.tar.gz" } ], "0.10.0": [ { "comment_text": "", "digests": { "md5": "9f2394a7d08f97b23281f590ec6d00b4", "sha256": "8b34c12c1487b4cfce10ca9b8ec379a08a8ce5f4b4a0838de66d507fc4daf910" }, "downloads": -1, "filename": "attacksurfacemeter-0.10.0.tar.gz", "has_sig": false, "md5_digest": "9f2394a7d08f97b23281f590ec6d00b4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 499056, "upload_time": "2016-03-16T03:15:11", "url": "https://files.pythonhosted.org/packages/96/e9/628cc84318ad05fa1b55814cd43de85652a9510b779d4c5c48faf43e25e7/attacksurfacemeter-0.10.0.tar.gz" } ], "0.11.0": [ { "comment_text": "", "digests": { "md5": "a0f9bd1be1e5739c58fb5ce676385372", "sha256": "a0a75675a2bab65f5cba9811a49ba6ccd2c1705721b966f8aaa16633134c790e" }, "downloads": -1, "filename": "attacksurfacemeter-0.11.0.tar.gz", "has_sig": false, "md5_digest": "a0f9bd1be1e5739c58fb5ce676385372", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 499930, "upload_time": "2016-08-02T19:19:33", "url": "https://files.pythonhosted.org/packages/20/43/9ac79ed75a07f80d1291e969eabefcdfe0b52201062bfc371dd6dda34b79/attacksurfacemeter-0.11.0.tar.gz" } ], "0.4.0": [ { "comment_text": "", "digests": { "md5": "b1e90a92ff731d932612d4d06868b7ef", "sha256": "2cf0acd66c0971ac54a281ea6528aa0ef514a48cb011d0dae4851e208d264224" }, "downloads": -1, "filename": "attacksurfacemeter-0.4.0.tar.gz", "has_sig": false, "md5_digest": "b1e90a92ff731d932612d4d06868b7ef", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 25898, "upload_time": "2015-03-25T06:01:24", "url": "https://files.pythonhosted.org/packages/68/60/cb84c24db58990657541009e5334828e5ee55f5ec397388649cc2fdb81e5/attacksurfacemeter-0.4.0.tar.gz" } ], "0.5.0": [ { "comment_text": "", "digests": { "md5": "4adbba23b2d1e5519ea10823f30cfd54", "sha256": "b4a525f824db208bb74f79d71d0b32f3710d10c59effa033d86bbaa1c506f935" }, "downloads": -1, "filename": "attacksurfacemeter-0.5.0.tar.gz", "has_sig": false, "md5_digest": "4adbba23b2d1e5519ea10823f30cfd54", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 28855, "upload_time": "2015-04-06T05:43:28", "url": "https://files.pythonhosted.org/packages/7d/a4/143f80db0360f4ef297047385b1ed619988f7010cffcaa432af0dba57337/attacksurfacemeter-0.5.0.tar.gz" } ], "0.6.0": [ { "comment_text": "", "digests": { "md5": "100934ee2110d4a8f9f9ce5a88fe65bf", "sha256": "e78aa777f0916a3aabf391cec60ff7947020c009e5aa35f753c1e929b831a3a2" }, "downloads": -1, "filename": "attacksurfacemeter-0.6.0.tar.gz", "has_sig": false, "md5_digest": "100934ee2110d4a8f9f9ce5a88fe65bf", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 28076, "upload_time": "2015-04-14T04:19:46", "url": "https://files.pythonhosted.org/packages/2f/6e/99b27eceff35369ca635b81b950c795794ea9526de621b036706659b0ae8/attacksurfacemeter-0.6.0.tar.gz" } ], "0.7.0": [ { "comment_text": "", "digests": { "md5": "916b6bdb6bea1074f490121a8e46bcc8", "sha256": "bea10925bce8b842dc514ae22857f25544f5ef71072cb97d0dc80bdbd15aa984" }, "downloads": -1, "filename": "attacksurfacemeter-0.7.0.tar.gz", "has_sig": false, "md5_digest": "916b6bdb6bea1074f490121a8e46bcc8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 500495, "upload_time": "2015-04-19T06:44:29", "url": "https://files.pythonhosted.org/packages/66/0f/d6c5e58a3f2d2a9f8910f86033f5ed4581c7b4a4f8cc2b445cb8ca5bf6b1/attacksurfacemeter-0.7.0.tar.gz" } ], "0.7.1": [ { "comment_text": "", "digests": { "md5": "6e4d0793ce318ee3930975057c7a52e1", "sha256": "a6c303e70b090e245e7660920f5ed9293cf4b42de47de4040189aa72fea9c353" }, "downloads": -1, "filename": "attacksurfacemeter-0.7.1.tar.gz", "has_sig": false, "md5_digest": "6e4d0793ce318ee3930975057c7a52e1", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 500499, "upload_time": "2015-04-19T21:53:48", "url": "https://files.pythonhosted.org/packages/42/ae/92608f34ce607c0e413c23fd4101250e422d4bc92280cd89235a0a675a4b/attacksurfacemeter-0.7.1.tar.gz" } ], "0.7.2": [ { "comment_text": "", "digests": { "md5": "da4dfb3ecc7c01f879859dc0bfbd7d92", "sha256": "ba26e2a739c7f6e7d804366651600957ae90dc78ca1e1f8340df81968d6d2f8e" }, "downloads": -1, "filename": "attacksurfacemeter-0.7.2.tar.gz", "has_sig": false, "md5_digest": "da4dfb3ecc7c01f879859dc0bfbd7d92", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 505290, "upload_time": "2015-04-20T00:32:49", "url": "https://files.pythonhosted.org/packages/c7/0d/d5030cb30c0cee693b1d311da1a76c035a5e79324794bf43576501e89591/attacksurfacemeter-0.7.2.tar.gz" } ], "0.8.0": [ { "comment_text": "", "digests": { "md5": "4bc731f2d95dd152e829f14ac52739c6", "sha256": "47de9eb1660ab62b389407adc89e6d0b127834c1368ca53f19e30e8df0ac6e86" }, "downloads": -1, "filename": "attacksurfacemeter-0.8.0.tar.gz", "has_sig": false, "md5_digest": "4bc731f2d95dd152e829f14ac52739c6", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 505316, "upload_time": "2015-04-20T16:04:01", "url": "https://files.pythonhosted.org/packages/3e/5a/896ca4f5297003364a8ec64368ea8701e7936156b734e1a55d79ab2194ec/attacksurfacemeter-0.8.0.tar.gz" } ], "0.8.1": [ { "comment_text": "", "digests": { "md5": "25db5a4f597f6578560211b6eaccaf80", "sha256": "8b09a46f30f05be447da6a290c53f85c1557ee657afb404360aa259873a41c5c" }, "downloads": -1, "filename": "attacksurfacemeter-0.8.1.tar.gz", "has_sig": false, "md5_digest": "25db5a4f597f6578560211b6eaccaf80", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 504935, "upload_time": "2015-06-04T19:31:45", "url": "https://files.pythonhosted.org/packages/8c/52/df798617fc4f34e4557461c5ce9339aa31cf29b02d287600c4ddfc24b8ff/attacksurfacemeter-0.8.1.tar.gz" } ], "0.8.2": [ { "comment_text": "", "digests": { "md5": "a65a4e92317495eb2490cd6ea046f994", "sha256": "ea7b6e042e805a2d998edc0637577dbf46baac4bdf1d0b51a79de4e5b4416030" }, "downloads": -1, "filename": "attacksurfacemeter-0.8.2.tar.gz", "has_sig": false, "md5_digest": "a65a4e92317495eb2490cd6ea046f994", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 504945, "upload_time": "2015-06-05T20:32:34", "url": "https://files.pythonhosted.org/packages/b2/ee/2c507ce5a7994081f7ff8963bcc3fa9637d8bb0e06a40232239316d73d14/attacksurfacemeter-0.8.2.tar.gz" } ], "0.8.3": [ { "comment_text": "", "digests": { "md5": "13808b79f9ddd3bd3d4ce2c11af76942", "sha256": "030ebb157623ba745c87f92632d20a12ccc0c0c79afe61f31280667130e170b3" }, "downloads": -1, "filename": "attacksurfacemeter-0.8.3.tar.gz", "has_sig": false, "md5_digest": "13808b79f9ddd3bd3d4ce2c11af76942", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 504921, "upload_time": "2015-06-08T21:54:55", "url": "https://files.pythonhosted.org/packages/eb/b3/920ececd406fb990a3301db44e7a1af15215ce56acafe4930bdcd27f7c86/attacksurfacemeter-0.8.3.tar.gz" } ], "0.9.0": [ { "comment_text": "", "digests": { "md5": "0b68849580e54a02cf2d7c0709a165e8", "sha256": "e89b1130366af6e7a1758e4ee84c07deb0f3140f69fe5384148499554eb105a6" }, "downloads": -1, "filename": "attacksurfacemeter-0.9.0.tar.gz", "has_sig": false, "md5_digest": "0b68849580e54a02cf2d7c0709a165e8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 505234, "upload_time": "2015-06-19T04:52:09", "url": "https://files.pythonhosted.org/packages/db/af/0687aed56e3f9f761743b8b8ba37b194db176ac6dc68c5bd9414753087b6/attacksurfacemeter-0.9.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "a0f9bd1be1e5739c58fb5ce676385372", "sha256": "a0a75675a2bab65f5cba9811a49ba6ccd2c1705721b966f8aaa16633134c790e" }, "downloads": -1, "filename": "attacksurfacemeter-0.11.0.tar.gz", "has_sig": false, "md5_digest": "a0f9bd1be1e5739c58fb5ce676385372", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 499930, "upload_time": "2016-08-02T19:19:33", "url": "https://files.pythonhosted.org/packages/20/43/9ac79ed75a07f80d1291e969eabefcdfe0b52201062bfc371dd6dda34b79/attacksurfacemeter-0.11.0.tar.gz" } ] }