English

A Language-Independent Analysis Platform for Source Code

Cryptography and Security 2022-03-17 v1

Abstract

In this paper, we present the CPG analysis platform, which enables the translation of source code into a programming language-independent representation, based on a code property graph. This allows security experts and developers to capture language level semantics for security analyses or identify patterns with respect to code compliance. Through the use of fuzzy parsing, also incomplete or non-compilable code, written in different programming languages, can be analyzed. The platform comprises an analysis library and interfaces to query, interact with or visualize source code graphs. This set of CPG tools allows finding common weaknesses in heterogeneous software environments, independently of the underlying programming language.

Keywords

Cite

@article{arxiv.2203.08424,
  title  = {A Language-Independent Analysis Platform for Source Code},
  author = {Konrad Weiss and Christian Banse},
  journal= {arXiv preprint arXiv:2203.08424},
  year   = {2022}
}

Comments

4 pages, 1 figure

R2 v1 2026-06-24T10:15:15.031Z