A full-stack web application for analyzing C/C++ code using various static and dynamic analysis tools. The application provides a modern web interface for uploading code, configuring analysis options, and viewing security findings.
- Code Analysis: Analyze C/C++ code using multiple tools (flawfinder, cppcheck, etc.)
- Sandboxed Execution: Secure code analysis in isolated environments
- Modern UI: React-based interface with Monaco Editor for code editing
- Real-time Results: View analysis results with syntax highlighting
- Tool Selection: Choose which analysis tools to use
- Example Code: Pre-built examples for testing and learning
- Server: Express.js REST API
- Analysis Engine: Custom analyzer with tool integration
- Sandboxing: Multiple isolation methods (Firejail, QEMU, Bubblewrap)
- Job Management: Asynchronous analysis job handling
- Logging: Structured logging with Winston
- UI Framework: React with Tailwind CSS
- Code Editor: Monaco Editor with syntax highlighting
- State Management: React Context for application state
- API Integration: Axios for backend communication
- Node.js 16+
- npm or yarn
- Linux environment (for sandboxing tools)
- Firejail (recommended) or QEMU
1. Clone the repository

```bash
git clone <repository-url>
cd coretrace-web
```

2. Install backend dependencies

```bash
cd server
npm install
```

3. Install frontend dependencies

```bash
cd ../client
npm install
```

4. Start the development servers

```bash
# Terminal 1 - Backend
cd server
npm run dev

# Terminal 2 - Frontend
cd client
npm start
```

5. Access the application
   - Frontend: http://localhost:3000
   - Backend API: http://localhost:5000
Comprehensive API documentation is available in server/API_DOCUMENTATION.md.
Key Endpoints:
- `POST /api/analyze` - Analyze code files
- `GET /api/tools` - Get available analysis tools
- `GET /api/examples` - Get example code snippets
The backend code is documented using JSDoc. Generate documentation by running:

```bash
cd server
npm run docs
```

Then open server/docs/index.html in your browser.
Documented Modules:
- Services: Analyzer, JobManager, Logger, Sandbox, SARIF Parser
- Routes: Analysis, Examples, Tools endpoints
- Controllers: Request handling and validation
- Configuration: Environment and sandbox settings
Frontend components are documented with JSDoc comments:
Key Components:
- App.jsx - Main application component
- AnalysisContext.jsx - State management context
- ApiService - Backend communication
- Editor components for code editing and results display
```text
server/
├── services/            # Business logic
│   ├── analyzer.js      # Main analysis orchestrator
│   ├── jobManager.js    # Job lifecycle management
│   ├── sandbox.js       # Execution isolation
│   ├── logger.js        # Logging service
│   └── sarifParser.js   # Result parsing
├── routes/              # API endpoints
├── controllers/         # Request handlers
├── middlewares/         # Express middleware
└── config/              # Configuration
```

```text
client/src/
├── components/          # React components
│   └── Editor/          # Code editor components
├── context/             # React context
├── services/            # API services
└── App.jsx              # Main component
```
Edit server/config/index.js to customize:
- Sandbox Settings: Memory limits, timeouts, isolation methods
- File Limits: Maximum file sizes and counts
- Job Management: Cleanup delays and retention periods
- Logging: Log levels and formats
Backend:
- PORT - Server port (default: 5000)
- NODE_ENV - Environment mode
- QEMU_BINARY - QEMU binary path
- QEMU_LIB_ROOT - QEMU library root

Frontend:
- REACT_APP_API_URL - Backend API URL
Backend:

```bash
cd server
npm run dev    # Start with nodemon
npm run docs   # Generate documentation
npm test       # Run tests
```

Frontend:

```bash
cd client
npm start      # Start development server
npm test       # Run tests
npm run build  # Build for production
```
1. Backend Integration
   - Add the tool binary to server/bin/
   - Update services/analyzer.js to include the new tool
   - Add the tool configuration to config/index.js

2. Frontend Integration
   - Update the tool selection UI in components/Editor/
   - Add tool-specific result display logic
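The registration step above is where user-controlled input (a tool name from the request, a path to an uploaded file) meets a subprocess call, so it is worth seeing how a new tool entry can be wired in safely. The following is an added example and not coretrace-web's own code: it assumes a hypothetical tool registry shaped like the config/index.js and services/analyzer.js described here, assumed install paths, and Firejail's --net=none flag; the tool is looked up from an allow-list, the target path is confined to the job directory, and the command is built as an argv array rather than a shell string.

```javascript
// Added example, not coretrace-web's own code: registering a new analysis
// tool so that the tool name comes from an allow-list, the target file cannot
// escape the job directory, and the command is an argv array for
// child_process.spawn (never a shell string). Names, paths and the Firejail
// flags used here are assumptions.

// Hypothetical entries for config/index.js; `bin` is resolved under server/bin/.
const TOOLS = {
  flawfinder: { bin: "flawfinder", args: ["--quiet", "--dataonly", "--columns"] },
  cppcheck:   { bin: "cppcheck",   args: ["--quiet", "--enable=warning", "--template=gcc"] },
};
const BIN_DIR = "/opt/coretrace/server/bin";   // assumed install location
const JOBS_ROOT = "/tmp/coretrace/jobs";         // assumed per-job sandbox root

// Normalise a user-supplied relative path and refuse anything that climbs
// above the job root (e.g. "../../etc/passwd"), absolute paths, or NUL bytes.
function resolveWithinJob(relPath) {
  if (typeof relPath !== "string" || relPath.startsWith("/") || relPath.includes("\0")) return null;
  const parts = [];
  for (const seg of relPath.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (parts.length === 0) return null; // would leave the job root
      parts.pop();
      continue;
    }
    parts.push(seg);
  }
  return parts.length ? `${JOBS_ROOT}/${parts.join("/")}` : null;
}

// Returns { cmd, args } ready for spawn(cmd, args, { timeout }), wrapped in
// Firejail with networking disabled; throws on an unknown tool or bad path.
function buildInvocation(toolName, relPath, { firejail = true } = {}) {
  // hasOwnProperty guards against prototype names such as "constructor".
  if (!Object.prototype.hasOwnProperty.call(TOOLS, toolName)) {
    throw new Error(`unknown tool: ${toolName}`);
  }
  const target = resolveWithinJob(relPath);
  if (target === null) throw new Error(`file outside job directory: ${relPath}`);
  const tool = TOOLS[toolName];
  const argv = [`${BIN_DIR}/${tool.bin}`, ...tool.args, target];
  if (!firejail) return { cmd: argv[0], args: argv.slice(1) };
  return { cmd: "firejail", args: ["--quiet", "--net=none", ...argv] };
}
```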
Use standard JSDoc format for all functions and classes:

```javascript
/**
 * @function functionName
 * @description Brief description of what the function does
 * @param {string} paramName - Description of parameter
 * @returns {Promise<Object>} Description of return value
 * @throws {Error} Description of when error is thrown
 */
```

- Update server/API_DOCUMENTATION.md for new endpoints
- Include request/response examples
- Document error scenarios
```bash
# Build and run with Docker Compose
docker-compose up --build
```

- Security: Implement authentication and rate limiting
- Monitoring: Add application monitoring and logging
- Scaling: Consider job queue systems for high load
- Backup: Implement data backup strategies
1. Sandbox Failures
   - Ensure Firejail is installed: `sudo apt install firejail`
   - Check file permissions in sandbox directories
   - Verify resource limits in configuration

2. Analysis Tool Errors
   - Verify tool binaries are executable
   - Check tool dependencies are installed
   - Review tool-specific error logs

3. API Connection Issues
   - Verify backend server is running
   - Check CORS configuration
   - Ensure correct API URL in frontend

Logs:
- Backend: Check server/combined.log and server/error.log
- Frontend: Browser developer console
- Sandbox: Check system logs for sandbox-related errors
- Fork the repository
- Create a feature branch
- Add tests for new functionality
- Update documentation
- Submit a pull request
[Add your license information here]
For issues and questions:
- Create an issue in the repository
- Check the documentation
- Review the troubleshooting section