MASC Journal Submission Artifact

In this repository, we have linked the supplementary appendix files, source code of MASC, mutated apps, and tool results. Because of the space limitations of GitHub Large File System (LFS) we could not put everything in the same, monolithic repository.

Supplementary materials/Links

1. Online Appendix (PDF, in this repository)
2. Source code of MASC - [Link] (separately maintained repository)
3. APKs of Android Applications Mutated using MASC - [Link]
4. Source code of Android Applications Mutated using Exhaustive Scope of MASC - [Link]
5. Source code of Android Applications Mutated using Similarity Scope of MASC - [Link]
6. Crypto-detector analysis Results - [Part 1]
   1. CodeQL
   2. CryptoGuard
   3. FindSecBugs
   4. ShiftLeft
   5. QARK
   6. CogniCrypt with CrySL
7. Crypto-detector analysis Results - [Part 2]
   1. Amazon Code Guru
   2. Codiga - [Merged with DataDog and shutting down in May 4th | No rules for Java]
   3. Snyk
   4. DeepSource
   5. SonarQube

Previous Publication

• A. S. Ami, N. Cooper, K. Kafle, K. Moran, D. Poshyvanyk, and A. Nadkarni, “Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques,” in 2022 IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA, May 2022, pp. 397–414, doi: 10.1109/SP46214.2022.9833582 [Online]. Available at: https://ieeexplore.ieee.org/document/9833582

Tool Demonstration

• A. S. Ami et al., “MASC: A Tool for Mutation-Based Evaluation of Static Crypto-API Misuse Detectors,” in Proceedings of the ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE’23), Demonstration Track, San Francisco, Dec. 2023, doi: 10.1145/3611643.3613099.