What is MARK?

Codyze parses source code and checks it for compliance with predefined policies. These policies are written in a domain-specific language called MARK and describe the correct and expected use of APIs, for example security-critical cryptographic APIs.

MARK policies are separated into Entities and Rules.

  • Entities describe and group API functions at an abstract level and declare MARK variables that refer to function arguments or return values.
  • Rules describe the expected usage of these entities. A violation of a rule results in a Finding, which is shown as a warning or error in the developer's IDE.

When modeling a library, you will typically start by describing its classes or functions as MARK entities and then write rules that constrain how those entities may be used.
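To make the entity/rule split concrete, here is an added illustration that is not one of the policies shipped with Codyze: a small, hypothetical entity for a subset of Botan's Cipher_Mode API, followed by two rules. The entity name, the set of ops, the allowed-algorithm list, and the rule and finding names are assumptions chosen for the example; Codyze's bundled Botan policy is larger and differs in detail.

```mark
package example.botan

// Entity: groups the Botan Cipher_Mode API at an abstract level.
// This is a hypothetical, simplified subset written for illustration,
// not the policy that ships with Codyze.
entity Botan.Cipher_Mode {

    // MARK variables. Each one is bound to a function argument or
    // return value by the op declarations below, so rules can refer
    // to e.g. cm.algorithm regardless of which overload was called.
    var algorithm;   // cipher/mode string, e.g. "AES-256/GCM"
    var direction;
    var key;
    var iv;
    var buffer;

    // op: a named group of library calls that play the same role.
    op create {
        Botan::Cipher_Mode::create(algorithm: std::string, direction: Botan::Cipher_Dir);
        Botan::get_cipher_mode(algorithm: std::string, direction: Botan::Cipher_Dir);
    }

    op set_key {
        Botan::Cipher_Mode::set_key(key: Botan::SymmetricKey);
    }

    op start {
        Botan::Cipher_Mode::start(iv: std::vector<uint8_t>);
    }

    op update {
        Botan::Cipher_Mode::update(buffer: Botan::secure_vector<uint8_t>);
    }

    op finish {
        Botan::Cipher_Mode::finish(buffer: Botan::secure_vector<uint8_t>);
    }
}

// Rule 1: a value constraint. Only authenticated AES modes may be used;
// anything else (e.g. "AES-256/CBC") produces the finding named after onfail.
rule ExampleApprovedCipherMode {
    using Botan.Cipher_Mode as cm
    ensure
        cm.algorithm in ["AES-128/GCM", "AES-192/GCM", "AES-256/GCM"]
    onfail ExampleInsecureCipherMode
}

// Rule 2: an order constraint. The ops must occur in this sequence on the
// same object: create, then set_key, then start, zero or more updates, finish.
// Calling start() before set_key(), or skipping finish(), is a violation.
rule ExampleCipherModeOrder {
    using Botan.Cipher_Mode as cm
    ensure order
        cm.create(), cm.set_key(), cm.start(), cm.update()*, cm.finish()
    onfail ExampleWrongCipherModeOrder
}
```

The two rules show the two kinds of check that make up most policies: a constraint on a value that flows into the API (the algorithm string) and a constraint on the order in which the entity's ops are invoked. Both refer only to the abstract entity, so adding a further Botan overload later means editing the entity, not every rule.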

Codyze ships with a set of MARK policies for the Botan (C++), Bouncycastle (Java) and Jackson (Java) libraries, but MARK policies for other libraries can be added at any time.

MARK policies are simple text files and can be created with any text editor, but we recommend installing the Eclipse plugin which comes with syntax highlighting and code completion for MARK files.

Last update: 2022-08-23
Created: 2020-01-16