Plume is a language front-end to construct ASTs based on the code-property graphs schema from JVM bytecode. Plume is graph database agnostic and can store the graphs to multiple graph databases.

Important

Plume is the original implementation of jimple2cpg. The frontend on Joern project is optimized around OverflowDB and is much more lightweight. This is project focuses on experimenting with incremental dataflow analysis and comparing database backend performance.

Versions < 0.6.3 of Plume were Kotlin based but versions from 1.0.0 onwards have been moved to a Scala implementation for better interfacing with the CPG schema library.

If your project depends on Plume I am happy to still provide maintenance and support but I recommend any new research to begin on Joern where I also spend time providing help and support.

Quickstart

One can run Plume from the plume binary which will use OverflowDB as the graph database backend if no config is found. If one would like to configure another backend then the example driver.yaml can be adjusted to include the use of another database by uncommenting and editing the respective fields given by the skeleton. E.g. using Neo4j:

database: Neo4j
params:
  hostname: localhost
  port: 7687
  username: neo4j
  password: neo4j
  txMax: 25

For more documentation and basic guides, check out the project homepage or the ScalaDoc.

Important: If you are using the TigerGraph driver you need to install the gsql_client.jarand add it to an environment variable called GSQL_CLIENT. Instructions are here e.g.,

curl https://docs.tigergraph.com/tigergraph-server/current/gsql-shell/_attachments/gsql_client.jar --output gsql_client.jar
export GSQL_HOME=`pwd`/gsql_client.jar

Remember to set the tgVersion correctly in the TigerGraphDriver.

Community

• If you have any questions or want to be involved then check out our discussions page.
• Joern's Discord. Note, this will give you temporary membership to the server. Once joined you can obtain permanent membership by being assigned role if necessary.
• Plume is primarily maintained by David Baker Effendi
  • DM on Twitter
  • Email at dbe@sun.ac.za

Known Bugs

• Due to module encapsulation in Java 17, Kryo serialization for TinkerGraphDriver will not work due to serialization errors.

Adding Plume as a Dependency

Replace X.X.X with the desired version on JitPack.

libraryDependencies ++= Seq(
  com.github.plume-oss %% plume % X.X.X
)

Don't forget to include the JCenter and JitPack repository in your build.sbt.

resolvers += "jitpack" at "https://jitpack.io"

Building from Source

Plume releases are available on JitPack. If downloading from JitPack is not an option, or you would like to depend on a modified version of Plume, you can build Plume locally and use it as an unmanaged dependency. JDK version 11 or higher is required.

git clone https://github.com/plume-oss/plume.git
cd plume
sbt stage

This will build target/scala-2.13/plume_2.13-X.X.X.jar which can be imported into your local project.

Logging

Plume uses SLF4J as the logging fascade.

Sponsored by