Set up

You can set everything up manually or use a preconfigured VM.

Option 1 - Manual install

Download and build

Clone with:

git clone https://lnarmour@bitbucket.org/lnarmour/jast.git

Ensure that Java 10 and Maven are installed. Then build the jast package with all dependencies into a single JAR file with:

make

The resulting JAR file lives here:

./target/jast-0.1-jar-with-dependencies.jar

Import data

Install MongoDB (official documentation) and download the database dump file from here:

https://www.dropbox.com/s/z6kn060o6ap5dd7/mongo_dump.archive?dl=0

Import data with:

mongorestore -d webcontents --stopOnError --gzip --archive=./mongo_dump.archive

If you've never worked with MongoDB before then see MongoDB Notes/Reference.

Option 2 - Use preconfigured VM

A VM image with everything already installed is available here:

https://www.dropbox.com/s/07z9t4h3oxi0i62/vmware-player-12.5.7_ubuntu64-bionic.zip?dl=0

This VM comes with Java 10, Maven, MongoDB with the imported data, and a copy of the Jast git repo located at /home/ln/jast. All users have passwords of 'password'. After logging in for the first time, you should run git pull since there have probably been changes to the repo since the image was saved.

Checkpoint

There should be ~40,000 documents in your MongoDB instance after importing the archive. Open a terminal and launch the mongo Shell with mongo, and run the show dbs mongo Shell command. You should see something like this:

$ mongo
> show dbs
admin        0.000GB
local        0.000GB
webcontents 16.025GB

If you don't see webcontents listed as a database and you chose option 1 above then something went wrong with the import. Otherwise, run the command use webcontents to select the webcontents database. Then run the command db.purescripts.count() to count the number of documents in the purescripts collection. The return value should be close to 40,000.

$ mongo
> use webcontents
switched to db webcontents
> db.purescripts.count()
40463

For more information about the mongo Shell, see the official mongo Shell documentation.

Run

Currently, to avoid issues, you should run the Jast code from the repo root directory. Some of the paths in the code are hardcoded relative paths (tracking here).

Set CLASSPATH

export CLASSPATH=$CLASSPATH:target/jast-0.1-jar-with-dependencies.jar

Generate ARFF files (input to Weka)

java cool.lorenzo.jast.GenerateARFF <options>

This creates a data/ directory and places the resulting ARFF files there.

Run Classifier

java cool.lorenzo.jast.Classifier1 -i <path to ARFF file or a directory containing ARFF files>

This takes the ARFF files from the previous step and creates/evaluates a classifier.

Run Tree Edit Distance Injection

java cool.lorenzo.jast.SubtreeInterface

Generates maliciously injected javascript files into the folder "SwappedScripts". Starts at the given benign script number in the Mongo database and ends at another given number (exclusive). All of the malicious scripts in the Mongo database are attempted to be injected into every script specified by the user.

Setup Selenium Script Testing

Run the following commands:

sudo chown root:root <path to chromedriver in jast/selenium>
sudo chmod +x <path to chromedriver>

Run Selenium Script Testing

Output to command line:

java cool.lorenzo.jast.SeleniumDriver

Output to a file:

java cool.lorenzo.jast.SeleniumDriver > <name of file to be printed to>.txt

Runs each javascript file that it is passed by the specified mongo cursor. If an error occurs in a script the error message will be output.

Old Information - additional miscellaneous information.