Added brand new (and still experimental) checks for CWEs 415 and 416 together with a new interprocedural data-flow analysis engine written in Rust. Add `-partial=Memory` as command line flag to try out the new checks.

Each unit test can now be run with a separate test binary, making all unit tests more flexible.

Change the address translation function so that we are able to report more precise incident locations.

Added a new symbol structure enabling more precise handling of extern symbols.

Add "--version" to command line options.

Update emulation based acceptance tests on the basis of the new deduplicated warning output

Improved the CWE reports generated by emulation based checks.

Upgraded the BAP version to its current development version.

Unit tests no longer fail silently on Travis CI builds.

refactored cwe476 to add stack tracking

Added acceptance tests for more CPU-architectures. Added acceptance tests for PE-files for x86.

prepare v0.3 release

Added cwe_checker executable allowing shorter command line calls

This PR fixes two minor bugs and adds a workaround for the address computation of Ghidra, which sometimes adds an offset and sometimes not. There seems to be no function in the Ghidra API that can be used to tell the plugin when this happens and when not.

This PR adds a plugin for annotating the results of the cwe_checker in Ghidra.

adds check_path flag to cwe_checker for finding paths from user input functions to CWE hits.

This also fixes a bug in nested_exp_list, causing Load instructions to be added twice instead of once.

* added links to online documentation, added black hat slides

* add spaces for codacy

This fixes issues #34

* Fixed some stuff mentioned in review; added flag --no-logging to surpress logging to STDOUT;

* Changes.md

* Added feature to compiler test cases with more than one compiler. Added clang as first examples. Fixed test cases to work with gcc

* Added acceptance tests for clang x64, adjusted Travis scripts (now
runs also unittests), install_cross_compilers installs also clang.

* Skips test for cwe415, which is broken on clang + Ubuntu 16.04

* Added feature to compiler test cases with more than one compiler. Added clang as first examples. Fixed test cases to work with gcc

* Added acceptance tests for clang x64, adjusted Travis scripts (now
runs also unittests), install_cross_compilers installs also clang.

* Skips test for cwe415, which is broken on clang + Ubuntu 16.04

* Added change to CHANGES.md

* Fixed test issue: test for json output was pre-compiler suffix.

* Removes old version of log_utils, prototypes for new version.

* Implemented native logging

* Json-Output basically working.

* Added acceptance test for JSON parsing

* Adds some odoc to log_utils.

* Added support for file output (--cwe-checker-out)

* Add acceptance test for file output

* Added more documentation to checks

* Corrected typo in opam files

* Added documentation command to makefile

* updated documentation build command in Readme.md

* Fixed some documentation typos

* rand without srand is always treated as an anti-pattern.

* delete generated documentation on "make clean"

* This commit improves the cwe_checker_to_ida tool. First, it fixes
issue #24. Second, it introduces some unit tests for
cwe_checker_to_ida. Third, cwe_checker_to_ida parses newer cwe checks
like cwe415 or cwe787. Forth, updated description of
cwe_checker_to_ida in README.md.

* corrected dune linter warnings

* Adjusted maintainer

* Added SCons to dependency list, added CONTRIBUTORS.md

* Set release date of v0.2

* added some spaces

* Pack the core library into the same opam package

* Fix Codacy Issues

* Initial version of CWE560 check

* CWE560 identifies calls to umask, missing the check of the umask calls.

* Initial version of CWE560 check

* CWE560 identifies calls to umask, missing the check of the umask calls.

* [cwe560] works for x64, fix function check_umask_call to detect on
other arches

* Initial version of CWE560 check

* CWE560 identifies calls to umask, missing the check of the umask calls.

* Initial version of CWE560 check

* [cwe560] works for x64, fix function check_umask_call to detect on
other arches

* Now working on the other architectures

* Refactored version of check for CWE 560 that work on several architectures. Added first unit tests for the checkers code base

* Fixes some dune warnings.

* Added CWE 560 to CHANGES.md. Fixes another dune warning.

* Requested change: Private module as a wrapper for unit tests