Update Readme.md and Changes.md (#181)

2d20f1e4 · Enkelmann · GitHub · ac9203df · 2d20f1e4 · 2d20f1e4
Unverified Commit 2d20f1e4 authored May 12, 2021 by Enkelmann Committed by GitHub May 12, 2021
6 changed files
--- a/.github/workflows/acceptance-tests.yml
+++ b/.github/workflows/acceptance-tests.yml
 name: Acceptance tests
-on: [pull_request]
+on: 
+  push:
+    branches:
+      - master
+  pull_request:
 env:
  CARGO_TERM_COLOR: always

--- a/CHANGES.md
+++ b/CHANGES.md
@@ -2,6 +2,12 @@
 ====
 -   Switched default backend to Ghidra (PR #128)
+-   Handle global memory accesses during analysis (PRs #131, #133)
+-   Improvements to the Docker image (PR #134)
+-   Add OS Command Injection Check (PRs #130, #154, #167)
+-   Remove deprecated BAP backend (PRs #148, #149, #150)
+-   Implement abstract interval domain (PRs #152, #158, #166)
+-   Add Buffer Overflow checks (PRs #159, #174)
 0.4 (2021-01)
 ====

--- a/README.md
+++ b/README.md
@@ -3,8 +3,8 @@
 </p>
 # cwe_checker #
-[![Codacy Badge](https://api.codacy.com/project/badge/Grade/9dbf158110de427d893b40ba397b94bc)](https://www.codacy.com/app/weidenba/cwe_checker?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=fkie-cad/cwe_checker&amp;utm_campaign=Badge_Grade)
+![Acceptance tests](https://github.com/fkie-cad/cwe_checker/actions/workflows/acceptance-tests.yml/badge.svg)
-[![Build Status](https://travis-ci.com/fkie-cad/cwe_checker.svg?branch=master)](https://travis-ci.com/fkie-cad/cwe_checker)
+![Unit tests](https://github.com/fkie-cad/cwe_checker/actions/workflows/unit-tests.yml/badge.svg)
 ![Docker-Pulls](https://img.shields.io/docker/pulls/fkiecad/cwe_checker.svg)
 [![Documentation](https://img.shields.io/badge/doc-stable-green.svg)](https://fkie-cad.github.io/cwe_checker/doc/html/cwe_checker/index.html)
@@ -83,6 +83,8 @@ Source code documentation can be built with `make documentation`. For the stable
 ## Implemented Checks <a name=checks></a> ##
 So far the following analyses are implemented:
+-   [CWE-78](https://cwe.mitre.org/data/definitions/78.html): OS Command Injection (currently disabled on standard runs)
+-   [CWE-119](https://cwe.mitre.org/data/definitions/119.html) and its variants [CWE-125](https://cwe.mitre.org/data/definitions/125.html) and [CWE-787](https://cwe.mitre.org/data/definitions/787.html): Buffer Overflow
 -   [CWE-190](https://cwe.mitre.org/data/definitions/190.html): Integer Overflow or Wraparound
 -   [CWE-215](https://cwe.mitre.org/data/definitions/215.html): Information Exposure Through Debug Information
 -   [CWE-243](https://cwe.mitre.org/data/definitions/243.html): Creation of chroot Jail Without Changing Working Directory

--- a/src/caller/src/main.rs
+++ b/src/caller/src/main.rs
@@ -34,7 +34,7 @@ struct CmdlineArgs {
    /// Specify a specific set of checks to be run as a comma separated list, e.g. 'CWE332,CWE476,CWE782'.
    ///
-    /// Use the "--module-names" command line option to get a list of all valid check names.
+    /// Use the "--module-versions" command line option to get a list of all valid check names.
    #[structopt(long, short)]
    partial: Option<String>,

--- a/src/cwe_checker_lib/src/analysis/pointer_inference/mod.rs
+++ b/src/cwe_checker_lib/src/analysis/pointer_inference/mod.rs
@@ -2,10 +2,22 @@
 //!
 //! The goal of the pointer inference analysis is to keep track of all memory objects and pointers
 //! that the program knows about at specific program points during execution.
-//! Possible memory management errors, like access to memory that may already have been freed,
+//! If the **Memory** check is enabled,
-//! are reported to the user.
+//! then the analysis also detects and reports possible memory management errors,
+//! like "Use after free"-errors, to the user.
+//! The result of the pointer inference analysis is also used as input for other analyses,
+//! which allows them to keep track of memory objects and pointers.
 //!
-//! Keep in mind that the analysis operates on a best-effort basis.
+//! ## The Memory Check
+//!
+//! If the **Memory** check is enabled, the pointer inference detects instances of the following CWEs:
+//! - [CWE-119](https://cwe.mitre.org/data/definitions/119.html) Buffer Overflow (generic case)
+//! - [CWE-125](https://cwe.mitre.org/data/definitions/125.html) Buffer Overflow: Out-of-bounds Read
+//! - [CWE-415](https://cwe.mitre.org/data/definitions/415.html): Double Free
+//! - [CWE-416](https://cwe.mitre.org/data/definitions/416.html): Use After Free
+//! - [CWE-787](https://cwe.mitre.org/data/definitions/787.html): Buffer Overflow: Out-of-bounds Write
+//!
+//! The analysis operates on a best-effort basis.
 //! In cases where we cannot know
 //! whether an error is due to an error in the memory management of the program under analysis
 //! or due to inexactness of the pointer inference analysis itself,
@@ -38,7 +50,7 @@ use context::Context;
 pub use state::State;
 /// The version number of the analysis.
-const VERSION: &str = "0.1";
+const VERSION: &str = "0.2";
 /// The name and version number of the "Memory" CWE check.
 pub static CWE_MODULE: crate::CweModule = crate::CweModule {

--- a/src/cwe_checker_lib/src/checkers.rs
+++ b/src/cwe_checker_lib/src/checkers.rs
 //! The implemented CWE checks.
 //! See their module descriptions for detailed information about each check.
 //!
-//! Currently the `Memory` check is not contained in this module
+//! Currently the **Memory** check is not contained in this module
 //! but directly incorporated into the [`pointer_inference`](crate::analysis::pointer_inference) module.
 //! See there for detailed information about this check.