Facebook open source analysis application

Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company's Android and Java applications.

This security-focused tool, dubbed Mariana Trench (MT), can analyze large codebases of tens of millions of lines of code to spot vulnerabilities before they're introduced in the codebase.

Facebook revealed that its engineers found more than 50% of all security bugs across the company's apps using automated tools similar to Mariana Trench.

How it works 

Mariana Trench works by analyzing the information flow from "sources" (user sensitive data such as passwords or locations) to "sinks" (functions or methods using data originating from sources).

Mariana Trench is specifically designed to automatically discover such issues, which, in most cases, could lead to severe privacy and security bugs.

"By default Mariana Trench analyzes dalvik bytecode and can work with or without access to the source code," Facebook explains on the tool's documentation website.

"A flow from sources to sinks indicates that, for example, user passwords may get logged into a file, which is not desirable and is called an 'issue' under the context of Mariana Trench," Facebook Software Engineer Dominik Gabi said.

Developers and engineers can use the tool to focus on specific security and privacy issues by adjusting and training it by adding new rules and model generators so that it homes in on the areas sensitive data shouldn't end up. 
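The source-to-sink flow and rule matching described above, as an added Python sketch that is not Mariana Trench's code or its model format. The method names, taint kinds and rules are constructed for the example, and calls without a model are assumed to pass taint from their arguments to their result.

```python
# Added illustration: toy source-to-sink taint analysis; all names below are constructed.
SOURCES = {"EditText.getText": "UserPassword", "Location.getLatitude": "UserLocation"}
SINKS = {"Log.d": "Logging", "FileWriter.write": "FileWrite"}
# A rule pairs a source kind with a sink kind; only flows matching a rule are issues.
RULES = {("UserPassword", "Logging"), ("UserPassword", "FileWrite")}

# Constructed program: method -> (parameters, [(target, callee, argument variables)]).
PROGRAM = {
    "LoginActivity.onSubmit": ([], [
        ("pw", "EditText.getText", []),        # source: password enters here
        ("lat", "Location.getLatitude", []),   # source: location enters here
        ("msg", "Util.wrap", ["pw"]),          # taint comes back via the return value
        (None, "Debug.dump", ["msg"]),         # the sink is one call deeper
        (None, "FileWriter.write", ["lat"]),   # location to file: no rule, no issue
    ]),
    "Util.wrap": (["s"], [
        ("t", "String.concat", ["s"]),         # unmodelled call: taint passes through
        (None, "return", ["t"]),
    ]),
    "Debug.dump": (["text"], [(None, "Log.d", ["text"])]),
}

def analyze(method, arg_taint=(), callers=()):
    """Return (kinds reaching the return value, issues) for one call of `method`."""
    params, body = PROGRAM[method]
    stack = callers + (method,)
    env = dict(zip(params, arg_taint))         # variable -> set of source kinds
    returned, issues = set(), set()
    for target, callee, args in body:
        taints = [env.get(a, set()) for a in args]
        flowing = set().union(*taints)
        if callee == "return":
            returned |= flowing
            continue
        if callee in SINKS:                    # report only flows that a rule names
            issues |= {(kind, SINKS[callee], method, callee)
                       for kind in flowing if (kind, SINKS[callee]) in RULES}
        if callee in SOURCES:
            result = {SOURCES[callee]}
        elif callee in PROGRAM and callee not in stack:
            result, found = analyze(callee, taints, stack)
            issues |= found
        else:                                  # unknown or recursive: propagate taint
            result = flowing
        if target is not None:
            env[target] = result
    return returned, issues

if __name__ == "__main__":
    print(sorted(analyze("LoginActivity.onSubmit")[1]))
```

Each issue is reported as (source kind, sink kind, method containing the sink call, sink method), so the password flow is flagged inside `Debug.dump` even though the source sits in the caller.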

The latest of our static analysis tools - Mariana Trench. It’s open source and designed to detect and prevent security bugs in #Android and #Java applications, more here: https://t.co/1HNlvVghGJ https://t.co/prOnVDpnDi

— Facebook Security (@fbsecurity) September 29, 2021

Third code analysis tool open-sourced since 2019

The company previously released two other static code analysis tools designed to detect and prevent security issues for Python code (Pysa) and Hack code (Zoncolan).

You can find the Mariana Trench code analysis tool on GitHub and its own dedicated website, a binary distribution on PyPI, and a short tutorial to help get started.

"We built MT to focus particularly on Android applications. There are differences in patching and ensuring the adoption of code updates between mobile and web applications, so they require different approaches," Gabi added.

"While server-side code can be updated almost instantaneously for web apps, mitigating a security bug in an Android application relies on each user updating the application on the device they own in a timely way.

"This makes it that much more important for any app developer to put systems in place to help prevent vulnerabilities from making it into mobile releases, whenever possible."

A few days ago we shared important information with you about open source software in comparison with proprietary software. Now we focus on open source software, and we will do it from the perspective of one of the biggest technology monsters: Facebook.

Facebook open source software is more common than you may think nowadays, because Facebook’s software works well and developers around the world can make it even better.

Why is Facebook promoting open source software?

They have lots of reasons. One of them is that Facebook is a customer of open source software. In the beginning, the giant platform was built from a combination of Linux, Apache, MySQL, and PHP, known as the LAMP platform.

Also, consider this: if you were Facebook's owner, what would be your strategy for finding new, good engineers?

For Mark and other Facebook executives, the best strategy for finding new people for the team is to search on some of these open, collaborative platforms.

Another reason for Facebook’s contribution to open source software development could be the opportunity to improve its platform thanks to others’ contributions.

In fact, they have GitHub accounts for their backend and frontend. If you want, you can visit them or make a suggestion.

In conclusion, Facebook has been pro open source software from the beginning of the platform, and it will continue to be.

These are some of Facebook’s open source software projects:

A lot of open source software comes from Facebook. As we said, they love this kind of technology.

To show you some of this software, we classify it according to its purpose. That way, we find:

Facebook Open Source Software for Android:

  • React Native

It is a framework for making native apps on Android and iOS using React, the web framework that was also built by Facebook.

Some experts think that it is not possible to build an app from scratch using this software, but we think that it is not only possible, it will also be really good if you use this technology in the best way.

  • ReDex

ReDex is an Android bytecode (dex) optimizer originally developed at Facebook. It provides a framework for reading, writing, and analyzing .dex files, and a set of optimization passes that use this framework to improve the bytecode. An APK optimized by ReDex should be smaller and faster than its source.

Facebook launched this tool for Android at the F8 developer conference. Basically, ReDex can make Android software faster with a few tweaks from the developers.

It is an Android accelerator that Facebook used to make its open speed 15% faster, and this technology is also responsible for Facebook being 25% more responsive.

That worked so well for Facebook’s team that they could not keep it just for themselves, and that's why we have ReDex now.

Source: Developer-tech

  • Buck

This software was created to develop small, reusable modules of code and resources inside a monorepo. For context, that term refers to a monolithic repository, where the code of all your projects is stored in a single repository.

With this open source software you get dependencies, more speed on multiple cores, IDE integration, and more correct incremental builds.

Source: Buck Build

  • Rebound

This time we are talking about a Java library. With it, you can create amazing animations for Android apps that feel as if they were happening in the real world. They feel very natural.

The Rebound repository is on GitHub, so if you want to check it out, go there and use it.

Some experts love this software due to its ease of use.

Source: Facebook.github

  • Makeitopen

It is software made up of a tutorial series. It was launched as Facebook open source software in 2017.

Its repository is also on GitHub.

It is easy to use, simple and clean, like everything in React, and it gives you the opportunity to design an app for multiple platforms.

Source: Makeitopen

  • Fresco

Managing images is going to be better using this software.

It is a system hosted on GitHub, and it is used for loading and displaying images in Android applications.

You can find a library there to do this work. Remember that images are really necessary and important for apps.

Source: Frescolib

  • Stetho

This software is a debug bridge. The developers on your team will have access to Chrome Developer Tools.

You can get it here

  • Infer

This is a static analysis tool that reports potential bugs in your project.

The people behind this project love contributions from you or anyone else. If you want to make one, go to their repository.

Facebook also develops open source software for iOS:

  • React Native

Facebook has built tools, programming languages, and lots of other things, including a framework that is very common nowadays. This is React Native, which is available for Android and iOS.

With it, you can create native apps using JavaScript.

  • Pop

The animation behind the paper: that is what Facebook’s team called this technology when it was launched.

Find its repository here

You can make really professional static animations using this tool.

  • Shimmer for iOS

Do you want to make this?

This is possible thanks to this software developed by Facebook.

With Shimmer it is possible to create data-loading animations in a UITableView, a UICollectionView, or any UIView.

The animation created by Shimmer is considered a specific effect called the Shimmer Effect. Apple is responsible for this.

You can get access to its repository here.

Source: Yudiz

  • Buck

This tool also applies to Android; in fact, we talked about it in the previous category. We also shared its repository, where you can make a contribution.

As a brief reminder, we said that Buck is software that helps you build modules. These modules are supported in many languages and platforms, and they are small and reusable.

Source: Buck Build

  • ComponentKit

This is another framework for iOS. This view framework is inspired by React, and it will help you build your user interface in the most functional way.

Be careful: ComponentKit is different from React Native.

Source: ComponentKit

Remember: these are some of the open source software projects made by Facebook, the most famous ones at least.

Software for the web made by Facebook’s team:

  • React

This JavaScript library was designed for building user interfaces. It has the particular characteristic of being used for single-page and mobile apps.

It is one of Facebook's most important open source projects, and little by little this library has taken over development projects in recent years.

You can obtain more information and tutorials, or get access to them, at this source: (https://reactjs.org/)

  • HHVM

It is the acronym for HipHop Virtual Machine.

It is an open-source virtual machine based on just-in-time compilation that serves as an execution engine for the PHP and Hack programming languages.

Source: Wikipedia

  • Parse Server

Did you think it was impossible to create a backend without code? It is possible, thanks to this software. You can get hosting without infrastructure problems and scale with no technical locks.

They say: "We help developers to create better software faster."

Source: back4App

  • Flow

This software gives you the opportunity to manage a project in the easiest, fastest and most effective way. It is literally workflow software made by Facebook’s team.

Source: Getflow

  • Nuclide

You need hackability and the support of an active community. To provide that, developers built a package based on Atom.

That’s how this open source software for the web was born.

Source: Nuclide

  • Huxley

Huxley is a test tool used on web apps to catch visual regressions.

Go directly to its code by clicking here: (https://github.com/facebookarchive/huxley)

Facebook’s Open Source Software for Backend

  • GraphQL

It is a data manipulation and query language built in 2012 for Facebook’s team, but it was not until 2015 that it became open source software.

It is used for querying and changing open source data, and it is a runtime for fulfilling queries with existing data.

Source: GraphQL

  • Osquery

First of all, you need to know that this is a framework. It is also important to know that it is a database that allows you to write SQL-based queries efficiently and easily.

Source: Code.fb

Facebook open source software has been on the table since approximately 2012. So you are invited to use it and take advantage of it. We recommend it: it is a functional and easy technique that you can use to improve your app, website, software or any tech project.
