Wednesday, 23 January 2013

Installing and using LAPSE Plus in BackTrack 5/Ubuntu

An interesting tool for Java source code analysis is OWASP LAPSE Plus.
You can see the instructions to set it up on the project's page or here.

OWASP LAPSE Plus requires Eclipse Helios and a number of people who know more than me at stack overflow suggest that you should not install eclipse using apt-get.

This means you need to install Eclipse Helios from here or OWASP LAPSE Plus will not work (you can see the pain I just saved you here).
Installing any other Eclipse version will result in OWASP LAPSE Plus crashing like this when you try to use it:

An internal error occurred during: "Computing Sources". java.lang.NullPointerException

This is quite basic but worth a mention, make sure you get the right Eclipse version for your operating system (32 or 64 bits):

#uname -a
Linux bt 3.2.6 #1 SMP Fri Feb 17 10:34:20 EST 2012 x86_64 GNU/Linux

Knowing the number of bits of our OS (64 bits from the command above) we know which "Eclipse IDE for Java Developers" version to download:



After you download the eclipse bundle, you need to uncompress it, for example (this creates the eclipse directory):

root@bt:~# tar xvfz eclipse-java-helios-SR2-linux-gtk-x86_64.tar.gz

Now we need to download the OWASP LAPSE Plus plugin into the Eclipse plugins directory in Backtrack:

root@bt:~# cd eclipse/
root@bt:~/eclipse# cd plugins/
root@bt:~/eclipse/plugins# wget http://evalues.es/downloads/owasp/LapsePlus_2.8.1.jar
--2013-01-21 20:37:52--  http://evalues.es/downloads/owasp/LapsePlus_2.8.1.jar
Resolving evalues.es... 163.117.174.60
Connecting to evalues.es|163.117.174.60|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 213623 (209K) [application/java-archive]
Saving to: `LapsePlus_2.8.1.jar'

100%[=============================================================================================>] 213,623      492K/s   in 0.4s   

2013-01-21 20:37:52 (492 KB/s) - `LapsePlus_2.8.1.jar' saved [213623/213623]


After that:
- Close Eclipse if you had it open
- Start Eclipse:

Use an ampersand to keep the shell window usable:
root@bt:~/eclipse# ./eclipse &

Now Eclipse Helios loads:
You will be asked for a workspace directory, /root/workspace will be fine for most.

- Go to Window / Show View / Other
- Select all the views and click OK:


After clicking OK you should have 3 panels:





The problem now is that the panels are empty, to perform a source code analysis you are supposed to:
0) Make sure all project dependencies are solved
1) Open a project
2) Click on the "scan sources" icon

If you run into further issues the following patch might help.

Good luck!