Calls: Send in your ideas. Deadline April 1, 2024
logo
hex
Website
More info available :
https://www.aboutcode.org/
Grant
Theme fund: NGI0 Entrust
Start: 2023-10
More projects like this
Software engineering
Measurement

purl2sym

FOSS code symbols indexing system

Identifying corresponding source code compiled in natively compiled binaries is complex and important – only by knowing the code origin can one know if the code is subject to known vulnerabilities or licensing issues. In IoT and embedded devices, most of the code is composed of natively compiled binaries, with a significant Android-based ecosystem using Java with specific constraints: multiple programming languages (Java and Kotlin) and bytecode-compiled binaries. Many devices also embed secondary code (typically for admin and UI), such as Lua, JavaScript, Python, or PHP.

To help with identification of binaries, it is important to aggregate collection of identifiers and symbols from FOSS code and index them to easily retrieve the data in efficient detection engines, based on automations and binary scanners. These symbols or identifiers are essential to software identification tools such as BANG that can match symbols in source and binaries and determine the corresponding source code for a given binary code input.

purl2sym is a new data collection and indexing system to collect code symbols from FOSS source packages (and binaries in the future) and store them for reuse in other software analysis processes.

Run by AboutCode

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.