Introducing Mirage engine

During the latest days I the Owasp team figured out a possible approach to application modeling issue. Our main problem is to build a model starting from a bunch of source file and using that model to perform static analysis.

I designed a new architectural block, the Mirage engine to accomplish this task. You can look at the following diagram to have a possible picture of Orizon v1.2 architecture.

More in details, that’s the internals of the Mirage subsystem. A bunch of translators (we’re moving to javacc/freecc parser generator to build our translators) will parse the source files building in memory ASTs.

Starting from the ASTs, Mirage core classes will inspect the trees retrieving useful information and building the model itself. The output won’t be a single file but a couple of XML files:

  • a custom schema XML file containing application stats
  • an XML file with Dinis Cruz O2 CIR file format containing the model itself

This choice can let Orizon be able to produce a model that O2 can understand.

Here is an image that explains better Mirage internals:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s