This repository contains files necessary to use Joern to evaluate a query on JavaScript packages inside a trusted enclave.
The packages used are taken from SecBench.js.
- gramine
- npm
- joern
For Ubuntu:
sudo apt install npm
Follow the instructions at https://docs.joern.io/installation/. Either download and run the installer, or download the pre-built binaries and update the .env file.
Example for pre-built binaries:
wget https://github.com/joernio/joern/releases/latest/download/joern-cli.zip
unzip joern-cli.zip
Example with installation script:
mkdir joern && cd joern # optional
curl -L "https://github.com/joernio/joern/releases/latest/download/joern-install.sh" -o joern-install.sh
chmod u+x joern-install.sh
./joern-install.sh --interactive
Install dependencies
Run make build-joern to create the manifest
To evaluate a package using joern in the TEE, run the following command:
./gramine_run.sh <operation> <package>
where <operation> is either "build", "analyse" or "all", and <package> is the package to be evaluated.