Development Guide¶
There are three primary schemas used in CTADL:
The CTADL IR schema, documented in ctadl_schema.dl
The data flow graph schema, documented in graph_schema.dl
The taint slice schema, documented in taint_schema.dl
CTADL Import & Export Plugins¶
CTADL supports two types of plugins: import and export, which enable
features in the corresponding ctadl import and ctadl export
commands, respectively. All plugins must define a few attributes and a
run function whose characteristics depend on the type of plugin. The
plugin API is currently subject to change without notice.
Import Plugins¶
Import plugins are used to define new languages for CTADL to analyze.
Import plugins must define two global attributes: language and
version.
CTADL filters plugins based on the language attribute. The Ghidra
import plugin, for example, defines the language = "PCODE"
attribute, and this is what appears as the first argument to the
ctadl import command when the plugin is installed.
The run function must support the following positional arguments:
ctadl: Thectadlmoduleargs: The raw command-line arguments fromargparseartifact: Astrthat points at the artifact the plugin uses as input. For some plugins, e.g. JADX, this is a directory. For others, it’s a file.out: Astrthat denotes a path where output should be stored. Could be a file or directory depending on the pluginOther keyword arguments that the plugin knows how to interpret.
Export Plugins¶
Export plugins are used to define external formats to which we can
export CTADL index information. Export plugins must define two global
attributes: export_formats and version.
CTADL filters plugins based on the export_formats attribute. The
networkx export plugin, for example, defines the
export_formats = ["gml"] attribute because it can export to the GML
format. The format name appears as an option for the
ctadl export --format flag when the plugin is installed.
The run function must support the following positional arguments:
ctadl: Thectadlmoduleargs: The raw command-line arguments fromargparseformat: Astr, the format chosen by the userindex: APathpointing at the index to exportout: Astrthat denotes a path where output should be stored. Could be a file or directory depending on the pluginOther keyword arguments that the plugin knows how to interpret.