Over the last few days, the OWASP team and I figured out a possible approach to the application modeling issue. Our main problem is to build a model starting from a bunch of source files and to use that model to perform static analysis.
I designed a new architectural block, the Mirage engine, to accomplish this task. The following diagram gives a possible picture of the Orizon v1.2 architecture.
In more detail, these are the internals of the Mirage subsystem. A bunch of translators (we're moving to the javacc/freecc parser generators to build our translators) will parse the source files, building in-memory ASTs.
Starting from the ASTs, the Mirage core classes will inspect the trees, retrieving useful information and building the model itself. The output won't be a single file but a couple of XML files:
- a custom schema XML file containing application stats
- an XML file in Dinis Cruz's O2 CIR file format containing the model itself
This choice lets Orizon produce a model that O2 can understand.
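The pipeline described above (source file, in-memory AST, model, two XML outputs) can be sketched as follows. This is an added example, not Orizon or Mirage code: Python's built-in `ast` module stands in for the translators, and the `stats`/`model` element names and the `build_model` and `calls_to` helpers are hypothetical, not the custom stats schema or the O2 CIR format.

```python
import ast
import xml.etree.ElementTree as ET

# Constructed sample input standing in for one source file of the application.
SAMPLE_SOURCE = '''
import os
class Report:
    def render(self, name):
        return os.system("cat " + name)

def main(argv):
    r = Report()
    r.render(argv[1])
'''

def call_name(node):
    """Return a dotted name for a call target, e.g. 'os.system'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))

def build_model(source, filename="sample.py"):
    """Walk the AST and return (stats, model) as two separate XML trees."""
    tree = ast.parse(source, filename)
    model = ET.Element("model", file=filename)  # hypothetical schema, not O2 CIR
    counts = {"classes": 0, "functions": 0, "calls": 0}
    for node in ast.walk(tree):
        if isinstance(node, ast.ClassDef):
            counts["classes"] += 1
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            counts["functions"] += 1
            fn = ET.SubElement(model, "function", name=node.name, line=str(node.lineno))
            for sub in ast.walk(node):  # nested functions would be visited twice
                if isinstance(sub, ast.Call):
                    counts["calls"] += 1
                    ET.SubElement(fn, "call", target=call_name(sub.func), line=str(sub.lineno))
    stats = ET.Element("stats", file=filename)  # hypothetical schema
    for key, value in counts.items():
        ET.SubElement(stats, key).text = str(value)
    return stats, model

def calls_to(model, target):
    """Query the model instead of the source: which functions call `target`?"""
    return [fn.get("name") for fn in model.iter("function")
            if any(c.get("target") == target for c in fn.iter("call"))]
```

Once the model exists, a static-analysis check such as `calls_to(model, "os.system")` runs against the XML tree alone, which is what lets a second tool consume the same model.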
Here is an image that better explains the Mirage internals: