[Soot-list] Soot on Webgoat

Francisco G. T. Ribeiro francisco.gtr at gmail.com
Wed Sep 7 21:00:40 EDT 2016 

Hi all,

 I'm trying to learn more about call graphs for static code analysis in 
Java and now using Soot to see what I can get. Unfortunately, after many 
days, I'm still unable to run it successfully and i was hoping you could 
help me.

I'm using soot-trunk.jar from the official website against WebGoat ( 
https://github.com/WebGoat/WebGoat-Legacy/ ) but tried different versions 
in both Java 7 and 8. I believe the further I could go was:

$ java -Xss50m -Xmx1500m -classpath soot-trunk.jar:WebGoat-Legacy/src 
soot.Main -d /tmp/soot_output -ice -ire -process-dir WebGoat-Legacy/src/
Soot started on Mon Sep 05 18:06:49 PDT 2016
/root/WebGoat-Legacy/src/main/java/org/owasp/webgoat/lessons/OffByOne.java:7,8:
 Semantic Error: no visible type named org.apache.ecs.Element
/root/WebGoat-Legacy/src/main/java/org/owasp/webgoat/lessons/OffByOne.java:8,8:
 Semantic Error: no visible type named org.apache.ecs.ElementContainer
/root/WebGoat-Legacy/src/main/java/org/owasp/webgoat/lessons/OffByOne.java:9,8:
 Semantic Error: no visible type named org.apache.ecs.StringElement
...
soot.CompilationDeathException: there were errors during parsing and/or 
type checking (JastAdd frontend)
at soot.JastAddInitialResolver.formAst(JastAddInitialResolver.java:63)
at soot.JavaClassSource.resolve(JavaClassSource.java:54)
at soot.SootResolver.bringToHierarchy(SootResolver.java:243)
at soot.SootResolver.bringToSignatures(SootResolver.java:275)
at soot.SootResolver.processResolveWorklist(SootResolver.java:173)
at soot.SootResolver.resolveClass(SootResolver.java:134)
at soot.Scene.loadClass(Scene.java:805)
at soot.Scene.loadClassAndSupport(Scene.java:790)
at soot.Scene.loadNecessaryClasses(Scene.java:1528)
at soot.Main.run(Main.java:243)
at soot.Main.main(Main.java:147)

Any ideas of what else to try?

Thanks in advance!

Kind regards,
Francisco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20160907/7548b787/attachment-0001.html

More information about the Soot-list mailing list