RAPTOR Dependencies and Attribution

What RAPTOR Includes

Bundled with RAPTOR:

  • Custom Semgrep rules (engine/semgrep/rules/) - Written by RAPTOR authors, MIT licensed
  • CodeQL query suites (engine/codeql/suites/) - Configuration files, MIT licensed
  • Python code (all packages/, core/) - Written by RAPTOR authors, MIT licensed

No external binaries or libraries are bundled with RAPTOR.


External Tools (User Installs)

RAPTOR requires users to install these external tools. RAPTOR does not bundle them. You can use the devcontainer if you'd like to get these bundled.

Warning: Without bundling, RAPTOR auto-downloads tools as needed.

Note on licensing: Be sure to examine licenses for these tools prior to using them. For example, CodeQL does not allow commercial use.

Required Tools

Semgrep (Static analysis scanner)

  • Install: pip install semgrep
  • License: LGPL 2.1
  • Source: https://github.com/semgrep/semgrep
  • Usage: RAPTOR calls semgrep command-line tool
  • Note: User installs separately, not bundled with RAPTOR

Python packages (from requirements.txt)

  • requests (Apache 2.0)
  • anthropic (MIT)
  • tabulate (MIT)
  • Install: pip install -r requirements.txt
  • Note: Managed by pip, not bundled with RAPTOR

Optional Tools (Install When Needed)

AFL++ (Binary fuzzer)

CodeQL (Static analysis engine)

rr (Record-replay debugger)

gcov (Code coverage tool)

  • Install: Bundled with gcc (no separate install needed)
  • License: GPL (part of GCC)
  • Source: https://gcc.gnu.org/onlinedocs/gcc/Gcov.html
  • Usage: RAPTOR uses for code coverage analysis in /crash-analysis command
  • Note: Automatically available with gcc installation

AddressSanitizer (Memory error detector)

  • Install: Built into gcc >= 4.8 and clang >= 3.1 (compile flag: -fsanitize=address)
  • License: Apache 2.0
  • Source: https://github.com/google/sanitizers
  • Usage: RAPTOR detects ASAN builds for enhanced crash diagnostics
  • Note: Compile-time instrumentation, enabled via compiler flag

System Tools (Pre-installed on Most Systems)

LLDB (Debugger)

  • Pre-installed: macOS (Xcode Command Line Tools)
  • License: Apache 2.0 (part of LLVM)
  • Usage: RAPTOR uses for crash analysis on macOS
  • Note: Part of operating system, not bundled

GDB (Debugger)

  • Pre-installed: Most Linux distributions
  • License: GPL v3
  • Usage: RAPTOR uses for crash analysis on Linux
  • Install on macOS: brew install gdb (if needed)
  • Note: Part of operating system on Linux, not bundled

Standard Unix tools:

  • nm, addr2line, objdump, file, strings (GNU Binutils)
  • Pre-installed: macOS and most Linux distributions
  • License: GPL v3
  • Usage: RAPTOR uses for binary analysis
  • Note: Part of operating system, not bundled

License Summary

RAPTOR itself:

  • License: MIT
  • Copyright: Gadi Evron and Daniel Cuthbert
  • See: LICENSE file

External tools RAPTOR uses:

  • Semgrep (LGPL 2.1) - User installs
  • AFL++ (Apache 2.0) - User installs
  • CodeQL (GitHub Terms) - User installs
  • Python packages (various open source) - User installs via pip
  • System tools (GPL v3, Apache 2.0) - Pre-installed on OS

Important: RAPTOR does not bundle external tools. Users install them separately according to each tool's license terms. You can use the devcontainer if you'd like to get these bundled.

Warning: Without bundling, RAPTOR auto-downloads tools as needed.


Compliance Notes

For commercial or restricted use:

  • Review Semgrep license (LGPL 2.1) for your use case
  • Review CodeQL terms (free for security research, restrictions apply)
  • GPL tools (GDB, binutils) are used as command-line tools, not linked libraries

You should review all respective tool licenses on your own; the above is merely informational.

RAPTOR's MIT license applies only to RAPTOR's code, not to external tools users install.