mcpp


Namemcpp JSON
Version 1.1.1 PyPI version JSON
download
home_pageNone
SummaryMcCabe++ (mcpp): cyclomatic complexity and other vulnerability-related code metrics
upload_time2024-07-23 12:30:33
maintainerNone
docs_urlNone
authorNone
requires_python>=3.9
licenseMIT License Copyright (c) 2023 Lukas Pirch Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
keywords vulnerability code metric static analysis
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            # McCabe++ (mcpp)

<img src="https://github.com/LPirch/mcpp/blob/master/media/mcpp.jpeg?raw=true" height=400/>

`mcpp` measures typical code complexity metrics like McCabe's cyclomatic
complexity.

The goal of this project is to provide a re-usable script to analyze C/C++
source code and extract complexity metrics from it. The implemented metrics
are taken from the [paper](https://xiaoningdu.github.io/assets/pdf/leopard.pdf)

> LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment through Program Metrics  

This tool is released as part of our research in vulnerability discovery and 
has been used in our paper

> SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing" 

See also the corresponding [repo](https://github.com/wsbrg/crashminer).

## Complexity Metrics

| Dimension            | ID | Metric Description             |
|----------------------|----|--------------------------------|
| CD1: Function        | C1 | cyclomatic complexity          |
| CD2: Loop Structures | C2 | number of loops                |
|                      | C3 | number of nested loops         |
|                      | C4 | maximum nesting level of loops |

## Vulnerability Metrics

| Dimension               | ID  | Metric Description                                                        |
|-------------------------|-----|---------------------------------------------------------------------------|
| VD1: Dependency         | V1  | number of parameter variables                                             |
|                         | V2  | number of variables as parameters for callee function                     |
| VD2: Pointers           | V3  | number of pointer arithmetic                                              |
|                         | V4  | number of variables involved in pointer arithmetic                        |
|                         | V5  | maximum number of pointer arithmetic operations a variable is involved in |
| VD3: Control Structures | V6  | number of nested control structures                                       |
|                         | V7  | maximum nesting level of control structures                               |
|                         | V8  | maximum number of control-dependent control structures                    |
|                         | V9  | maximum number of data-dependent control structures                       |
|                         | V10 | number of if structures without else                                      |
|                         | V11 | number of variables involved in control predicates                        |



## Setup

Build a docker container which performs the setup automatically or run the
installation on your local machine:

```sh
pip install .
```

> Note: It is recommended to install packages in virtual environments.


## Usage

### From Python

Simply import `mcpp` and then use the extract function (or one of its variants).

```python
from pathlib import Path
from mcpp import extract

input_dir = Path("some/dir")
in_files = list(input_dir.glob("**/*.c"))
result = extract(in_files)

# to extract only a subset of the metrics
result = extract(in_files, ["V1", "C3"])

# full list of metrics:
from mcpp import METRICS
print(list(METRICS.keys()))
```


### CLI

Configuration parameters can be changed in `config.yaml` or directly on the CLI
with e.g. `mcpp paths.out_root=some/dir`.

Using all defaults:
```sh
mcpp                # with default params like input directory, see config.yaml
```

Changing params from command line:
```sh
mcpp in_path=/some/dir/single_source out_path=single_source_metrics.json
mcpp metrics=\[C1,C2,V4\]
```

Or by passing a changed `config.yaml`:
- `-cp` (config_path) specifies the absolute path to the directory where the config file is located
- `-cn` (config_name) specifies the name of the config file
```sh
mcpp -cp /some/other/dir -cn myconfig.yaml
```

Try out the example:

```sh
mcpp in_path=examples/data/source paths.out_root=examples/data-out
cat examples/data-out/complexity.json
```

            

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "mcpp",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3.9",
    "maintainer_email": null,
    "keywords": "vulnerability, code metric, static analysis",
    "author": null,
    "author_email": "Lukas Pirch <lukas.pirch@tu-berlin.de>",
    "download_url": "https://files.pythonhosted.org/packages/24/1f/0132b4e2db92ebded01463dffd7a123d72b68f48df5e9153e5559b2566dc/mcpp-1.1.1.tar.gz",
    "platform": null,
    "description": "# McCabe++ (mcpp)\n\n<img src=\"https://github.com/LPirch/mcpp/blob/master/media/mcpp.jpeg?raw=true\" height=400/>\n\n`mcpp` measures typical code complexity metrics like McCabe's cyclomatic\ncomplexity.\n\nThe goal of this project is to provide a re-usable script to analyze C/C++\nsource code and extract complexity metrics from it. The implemented metrics\nare taken from the [paper](https://xiaoningdu.github.io/assets/pdf/leopard.pdf)\n\n> LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment through Program Metrics  \n\nThis tool is released as part of our research in vulnerability discovery and \nhas been used in our paper\n\n> SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing\" \n\nSee also the corresponding [repo](https://github.com/wsbrg/crashminer).\n\n## Complexity Metrics\n\n| Dimension            | ID | Metric Description             |\n|----------------------|----|--------------------------------|\n| CD1: Function        | C1 | cyclomatic complexity          |\n| CD2: Loop Structures | C2 | number of loops                |\n|                      | C3 | number of nested loops         |\n|                      | C4 | maximum nesting level of loops |\n\n## Vulnerability Metrics\n\n| Dimension               | ID  | Metric Description                                                        |\n|-------------------------|-----|---------------------------------------------------------------------------|\n| VD1: Dependency         | V1  | number of parameter variables                                             |\n|                         | V2  | number of variables as parameters for callee function                     |\n| VD2: Pointers           | V3  | number of pointer arithmetic                                              |\n|                         | V4  | number of variables involved in pointer arithmetic                        |\n|                         | V5  | maximum number of pointer arithmetic operations a variable is involved in |\n| VD3: Control Structures | V6  | number of nested control structures                                       |\n|                         | V7  | maximum nesting level of control structures                               |\n|                         | V8  | maximum number of control-dependent control structures                    |\n|                         | V9  | maximum number of data-dependent control structures                       |\n|                         | V10 | number of if structures without else                                      |\n|                         | V11 | number of variables involved in control predicates                        |\n\n\n\n## Setup\n\nBuild a docker container which performs the setup automatically or run the\ninstallation on your local machine:\n\n```sh\npip install .\n```\n\n> Note: It is recommended to install packages in virtual environments.\n\n\n## Usage\n\n### From Python\n\nSimply import `mcpp` and then use the extract function (or one of its variants).\n\n```python\nfrom pathlib import Path\nfrom mcpp import extract\n\ninput_dir = Path(\"some/dir\")\nin_files = list(input_dir.glob(\"**/*.c\"))\nresult = extract(in_files)\n\n# to extract only a subset of the metrics\nresult = extract(in_files, [\"V1\", \"C3\"])\n\n# full list of metrics:\nfrom mcpp import METRICS\nprint(list(METRICS.keys()))\n```\n\n\n### CLI\n\nConfiguration parameters can be changed in `config.yaml` or directly on the CLI\nwith e.g. `mcpp paths.out_root=some/dir`.\n\nUsing all defaults:\n```sh\nmcpp                # with default params like input directory, see config.yaml\n```\n\nChanging params from command line:\n```sh\nmcpp in_path=/some/dir/single_source out_path=single_source_metrics.json\nmcpp metrics=\\[C1,C2,V4\\]\n```\n\nOr by passing a changed `config.yaml`:\n- `-cp` (config_path) specifies the absolute path to the directory where the config file is located\n- `-cn` (config_name) specifies the name of the config file\n```sh\nmcpp -cp /some/other/dir -cn myconfig.yaml\n```\n\nTry out the example:\n\n```sh\nmcpp in_path=examples/data/source paths.out_root=examples/data-out\ncat examples/data-out/complexity.json\n```\n",
    "bugtrack_url": null,
    "license": "MIT License  Copyright (c) 2023 Lukas Pirch  Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:  The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.  THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ",
    "summary": "McCabe++ (mcpp): cyclomatic complexity and other vulnerability-related code metrics",
    "version": "1.1.1",
    "project_urls": null,
    "split_keywords": [
        "vulnerability",
        " code metric",
        " static analysis"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "1663cdcae4835c3d421e84f4534b8ff554908c43f8d5a651db0822ba473b6ce8",
                "md5": "614d0ece3769330dadeb309d63487850",
                "sha256": "b3f8c9b465e7916addab50bdb1adab08a9d3b2e0d89e1b894d1cbbe165ea60b3"
            },
            "downloads": -1,
            "filename": "mcpp-1.1.1-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "614d0ece3769330dadeb309d63487850",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.9",
            "size": 11264,
            "upload_time": "2024-07-23T12:30:31",
            "upload_time_iso_8601": "2024-07-23T12:30:31.664227Z",
            "url": "https://files.pythonhosted.org/packages/16/63/cdcae4835c3d421e84f4534b8ff554908c43f8d5a651db0822ba473b6ce8/mcpp-1.1.1-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "241f0132b4e2db92ebded01463dffd7a123d72b68f48df5e9153e5559b2566dc",
                "md5": "404511759a3c2edb9aa8747c9f23362d",
                "sha256": "93df98d870275c95376547bdc4bb61ce22c8bf15c871e9af3624ae96395d8ac1"
            },
            "downloads": -1,
            "filename": "mcpp-1.1.1.tar.gz",
            "has_sig": false,
            "md5_digest": "404511759a3c2edb9aa8747c9f23362d",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.9",
            "size": 10987,
            "upload_time": "2024-07-23T12:30:33",
            "upload_time_iso_8601": "2024-07-23T12:30:33.853810Z",
            "url": "https://files.pythonhosted.org/packages/24/1f/0132b4e2db92ebded01463dffd7a123d72b68f48df5e9153e5559b2566dc/mcpp-1.1.1.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-07-23 12:30:33",
    "github": false,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "lcname": "mcpp"
}
        
Elapsed time: 4.92136s