Department of Computer Science and Technology

SOAAP

SOAAP currently supports the following command-line flags (see soaap --help):

--soaap-vulnerable-vendors=<vendor1,vendor2,...>
Comma-separated list of vendors whose code should be treated as vulnerable.
--soaap-emulate-performance
Emulate sandboxing performance.
--soaap-context-insens
Don't use context-sensitive analysis.
--soaap-list-sandboxed-funcs
List all sandboxed functions.
--soaap-list-fp-calls
List all function-pointer calls.
--soaap-infer-fp-targets
Automatically infer function-pointer targets by tracking assignments.
--soaap-list-fp-targets
List all function-pointer targets.
--soaap-list-all-funcs
List all functions in the input program.
--soaap-pedantic
Output all warnings.
--soaap-syscall-traces
Output call-stack traces for system call warnings
--soaap-summarise-traces=N
Summarise call-stack traces so that atmost the specified number of calls are shown from the top and the same number from the bottom of the trace.
--soaap-dump-rpc-graph
Dump RPC graph in both text and DOT formats. This will produce an rpcgraph.dot file.
--soaap-sandbox-platform=<none|annotated|capsicum|seccomp>
Sandbox platform to model. Accepted values are "none", "annotated", "capsicum" and "seccomp". Currently, SOAAP only models the system call semantics. "none" means that no protection exists. "Annotated" tells SOAAP to use the restrictions annotated using the __soaap_limit_syscalls, __soaap_limit_fd_syscalls and __soaap_limit_fd_key_syscalls annotations.
--soaap-report-output-formats=<console,json>
Output SOAAP's report in the specified format(s). "console" is the traditional output. Multiple output formats can be specified as a comma-separated list.
--soaap-report-file-prefix=<string>
File prefix for report output files. A suffix relevant to the output format will be added to this (e.g. .json).
--soaap-debug-module=<regex of SOAAP module name>
Output debug info for the specified SOAAP module pattern. This will only work with a debug build of SOAAP.
--soaap-debug-function=<regex of function name>
Only output debug info for the specified SOAAP function pattern. This will only work with a debug build of SOAAP.
--soaap-debug-verbosity=N
Level of debug verbosity of the aforementioned two flags.