C++ ecosystem analyzer plugin for AttackMap (Crow, Pistache, Drogon, cpprestsdk; libcurl/cpr; OpenSSL/Botan/libsodium/Crypto++; libpqxx/mongocxx/redis-plus-plus).
Project description
attackmap-analyzer-cpp
C++ ecosystem analyzer for AttackMap.
This analyzer extracts structured signals from C++ source trees (.cpp, .cc, .cxx, .hpp, .hxx, .ipp, .tpp):
- Web frameworks — Crow (
CROW_ROUTEmacro with.methods("POST"_method, ...)chain), Pistache (Routes::Get/Post/...), Drogon (registerHandlerwith explicit method list ANDADD_METHOD_TOmacro), cpprestsdk / Casablanca (http_listener("https://...")URL extraction) - HTTP clients (external calls) — libcurl (
CURLOPT_URLliterals), cpr (cpr::Get(cpr::Url{"..."}),cpr::Post(...)), cpprestsdk (web::http::client::http_client(URL)) - Databases — libpqxx (
pqxx::connection,pqxx::work), MySQL X DevAPI (mysqlx::Session), mongocxx (mongocxx::client+mongocxx::uri), redis-plus-plus (sw::redis::Redis), SOCI (soci::session), sqlite_orm (sqlite_orm::make_storage) - Auth/crypto — OpenSSL (TLS / EVP / RAND), Botan (
TLS::Server,Cipher_Mode,PKCS5_PBKDF2,Scrypt), libsodium (crypto_pwhash→ argon2,crypto_secretbox, AEAD primitives), Crypto++ (CryptoPP::AES,CryptoPP::SHA256,CryptoPP::Argon2,CryptoPP::HMAC), JWT C++ libraries (jwt::create,jwt::decode,jwt::verify) - Secrets —
std::getenv,getenvwith secret-shaped names - Service hints — project name from
CMakeLists.txtproject(NAME ...)declaration
All emissions populate AttackMap's Signal v2 fields (line numbers + evidence snippets + confidence) so downstream insights can cite path/to/file.cpp:NN.
Install
pip install git+https://github.com/mlaify/attackmap-analyzer-cpp.git
The analyzer is auto-discovered by AttackMap via the attackmap.analyzers entry-point group.
Usage with AttackMap
# Auto-discovered when installed:
attackmap analyze /path/to/cpp/repo
# Or invoke explicitly:
attackmap analyze /path/to/cpp/repo --module cpp
Detection
detect() returns true when any .cpp, .cc, .cxx, .hpp, .hxx, .ipp, or .tpp file is present, ignoring build/, .git/, _deps/, third_party/, vendor/, external/, .cache/, out/, Debug/, Release/, and node_modules/.
This analyzer does not claim .h files — those are handled by the C analyzer (attackmap-analyzer-c). A repo with only .c and .h files is not picked up here.
Coverage notes
- Marked experimental: like the C analyzer, regex coverage of C++ has more false-positive risk than language-specific analyzers with strict imports. Confidence tiering is the primary defense (0.9 for hash-class auth primitives, 0.85 for canonical TLS / cipher / JWT API hits, 0.6 for keyword sweeps).
- Crow
.methods("X"_method)chains: when present, the route emits one Route per method in the chain. When absent, the route emits with methodANY. - Drogon
registerHandlerandADD_METHOD_TO: both shapes are extracted, including the{Drogon::Get, Drogon::Post}initializer-list form which produces multiple Routes. - cpprestsdk listener routes: only the path component of the listener's URL is extracted as a Route. Per-method handlers (
listener.support(methods::GET, ...)) are not separately emitted — that would require tracking the listener's lifetime. - C++ shares vocabulary with C (libcurl, OpenSSL, libsodium). Those patterns are duplicated here so a pure-C++ project without the C analyzer installed still gets full coverage. AttackMap's overlay deduplication handles double-firing.
- Pure-template / header-only ORM (sqlite_orm, sqlpp11): only basic detection via headers and
make_storage; column-level extraction is out of scope.
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file attackmap_analyzer_cpp-0.1.0.tar.gz.
File metadata
- Download URL: attackmap_analyzer_cpp-0.1.0.tar.gz
- Upload date:
- Size: 14.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e274707d8b24fa28d9c16a954ce9837d7638c82df92801e70384db4a7e8ef911
|
|
| MD5 |
b15c05b45f86bee2c5756a67da143c6f
|
|
| BLAKE2b-256 |
268080945873d31ffc8f61c89a1aadbf8b90b49dd0a328d934af91f77b7110d1
|
Provenance
The following attestation bundles were made for attackmap_analyzer_cpp-0.1.0.tar.gz:
Publisher:
release.yml on mlaify/attackmap-analyzer-cpp
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
attackmap_analyzer_cpp-0.1.0.tar.gz -
Subject digest:
e274707d8b24fa28d9c16a954ce9837d7638c82df92801e70384db4a7e8ef911 - Sigstore transparency entry: 1954558884
- Sigstore integration time:
-
Permalink:
mlaify/attackmap-analyzer-cpp@bdc8c8f37f2ddfef2ad355e52e74240a58197e54 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/mlaify
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@bdc8c8f37f2ddfef2ad355e52e74240a58197e54 -
Trigger Event:
push
-
Statement type:
File details
Details for the file attackmap_analyzer_cpp-0.1.0-py3-none-any.whl.
File metadata
- Download URL: attackmap_analyzer_cpp-0.1.0-py3-none-any.whl
- Upload date:
- Size: 10.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b8ef9782dc58d993667db573425a1f282a3221d4a1bdc5045242b1a5d3781d16
|
|
| MD5 |
888aee5d5b444589cad254e3a2795d5b
|
|
| BLAKE2b-256 |
4aff31262202273441260d83fa2623d95844110670f4e41a6246ffb5e067820c
|
Provenance
The following attestation bundles were made for attackmap_analyzer_cpp-0.1.0-py3-none-any.whl:
Publisher:
release.yml on mlaify/attackmap-analyzer-cpp
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
attackmap_analyzer_cpp-0.1.0-py3-none-any.whl -
Subject digest:
b8ef9782dc58d993667db573425a1f282a3221d4a1bdc5045242b1a5d3781d16 - Sigstore transparency entry: 1954558972
- Sigstore integration time:
-
Permalink:
mlaify/attackmap-analyzer-cpp@bdc8c8f37f2ddfef2ad355e52e74240a58197e54 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/mlaify
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@bdc8c8f37f2ddfef2ad355e52e74240a58197e54 -
Trigger Event:
push
-
Statement type: