CodeAuditAssistant

Language: English | 中文

Overview

CodeAuditAssistant is an IntelliJ IDEA plugin for JVM code auditing. It provides sink discovery, call-graph analysis, and JAR decompilation to help reviewers locate risky code paths faster.

Requirements

IntelliJ IDEA >= 2022.3
JDK 17+

Core Features

1) SinkFinder

Built-in sink rules for common Java Web vulnerabilities and risky component calls. Results are shown in IDEA Problem View and support navigation to source on double-click.

2) Code Analysis (Call Graph)

Generate call graphs for Entire project or Selected Module. Search supports:

ROOT -> SINK path search
SINK-only reverse path lookup
Search as sink from a right-clicked method

Method filter examples:

ParamType: java.lang.String,*
Annotations: @Override,@xxx

3) Decompiler (Experimental)

Supports JAR decompilation from the plugin UI. The current implementation is still under optimization.

Workflow Demo (Screenshots)

1) SinkFinder Flow

Step 1: Collect sink findings in IDEA Problem View.

Step 2: Double-click an item to jump to source code.

2) Decompiler Flow

Step 1: Select a target JAR and click Run in the decompiler panel.

3) Call-Graph Flow

Step 1: Open the Code Analysis panel and click Generate CallGraph.

Step 2: Choose the build scope (Entire or Selected Module).

Step 3: You can also build from the editor context menu on a method.

Step 4: Enable Info and Path for richer metadata and path results.

Step 5: Open the method finder panel and filter by signature/annotations.

Step 6: Example filtered method list.

Step 7: Search a ROOT -> SINK path.

Step 8: Search by SINK only when the entry point is unknown.

Step 9: Use Search as sink from right-click to auto-fill and search.

Step 10: Read runtime status (CallGraph, node count, memory, messages).

4) Search Result Icon Legend

Path node icon:

Method declaration icon:

Method invocation icon:

Object creation / method-search result icon:

Build & Run

Build plugin artifact: ./gradlew buildPlugin
Run sandbox IDE for local debugging: ./gradlew runIde
Full build: ./gradlew build

Known Limitations

Current path search is DFS-based and may not show all parallel paths in dense graphs.
Call graph is not yet persisted across sessions.
Duplicate root/source nodes may create repeated paths in some results.

Roadmap

Improve path search completeness and graph model.
Add call graph persistence and change monitoring.
Deduplicate root/source nodes and repeated paths.
Improve search-result highlighting and library JAR analysis workflow.

Name		Name	Last commit message	Last commit date
Latest commit History 74 Commits
.github/workflows		.github/workflows
.idea		.idea
.run		.run
gradle/wrapper		gradle/wrapper
img		img
src/main		src/main
.gitattributes		.gitattributes
.gitignore		.gitignore
README.md		README.md
README.zh-CN.md		README.zh-CN.md
build.gradle.kts		build.gradle.kts
gradle.properties		gradle.properties
gradlew		gradlew
gradlew.bat		gradlew.bat
settings.gradle.kts		settings.gradle.kts

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CodeAuditAssistant

Overview

Requirements

Core Features

1) SinkFinder

2) Code Analysis (Call Graph)

3) Decompiler (Experimental)

Workflow Demo (Screenshots)

1) SinkFinder Flow

2) Decompiler Flow

3) Call-Graph Flow

4) Search Result Icon Legend

Build & Run

Known Limitations

Roadmap

About

Uh oh!

Releases 6

Packages

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

CodeAuditAssistant

Overview

Requirements

Core Features

1) SinkFinder

2) Code Analysis (Call Graph)

3) Decompiler (Experimental)

Workflow Demo (Screenshots)

1) SinkFinder Flow

2) Decompiler Flow

3) Call-Graph Flow

4) Search Result Icon Legend

Build & Run

Known Limitations

Roadmap

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases 6

Packages 0

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Packages