Added a simple check that prints an error message when no dynamic symbol calls could be resolved.

Added brand new (and still experimental) checks for CWEs 415 and 416 together with a new interprocedural data-flow analysis engine written in Rust. Add `-partial=Memory` as command line flag to try out the new checks.

Each unit test can now be run with a separate test binary, making all unit tests more flexible.

Change the address translation function so that we are able to report more precise incident locations.

Update emulation based acceptance tests on the basis of the new deduplicated warning output

Improved the CWE reports generated by emulation based checks.

Upgraded the BAP version to its current development version.

Unit tests no longer fail silently on Travis CI builds.

refactored cwe476 to add stack tracking

Added acceptance tests for more CPU-architectures. Added acceptance tests for PE-files for x86.

This PR fixes two minor bugs and adds a workaround for the address computation of Ghidra, which sometimes adds an offset and sometimes not. There seems to be no function in the Ghidra API that can be used to tell the plugin when this happens and when not.

adds check_path flag to cwe_checker for finding paths from user input functions to CWE hits.

* Added feature to compiler test cases with more than one compiler. Added clang as first examples. Fixed test cases to work with gcc

* Added acceptance tests for clang x64, adjusted Travis scripts (now
runs also unittests), install_cross_compilers installs also clang.

* Skips test for cwe415, which is broken on clang + Ubuntu 16.04

* Added feature to compiler test cases with more than one compiler. Added clang as first examples. Fixed test cases to work with gcc

* Added acceptance tests for clang x64, adjusted Travis scripts (now
runs also unittests), install_cross_compilers installs also clang.

* Skips test for cwe415, which is broken on clang + Ubuntu 16.04

* Added change to CHANGES.md

* Fixed test issue: test for json output was pre-compiler suffix.

* Removes old version of log_utils, prototypes for new version.

* Implemented native logging

* Json-Output basically working.

* Added acceptance test for JSON parsing

* Adds some odoc to log_utils.

* Added support for file output (--cwe-checker-out)

* Add acceptance test for file output

* corrected dune linter warnings

* Adjusted maintainer

* Added SCons to dependency list, added CONTRIBUTORS.md

* Set release date of v0.2

* added some spaces

* Pack the core library into the same opam package

* Fix Codacy Issues

* Initial version of CWE560 check

* CWE560 identifies calls to umask, missing the check of the umask calls.

* Initial version of CWE560 check

* CWE560 identifies calls to umask, missing the check of the umask calls.

* [cwe560] works for x64, fix function check_umask_call to detect on
other arches

* Initial version of CWE560 check

* CWE560 identifies calls to umask, missing the check of the umask calls.

* Initial version of CWE560 check

* [cwe560] works for x64, fix function check_umask_call to detect on
other arches

* Now working on the other architectures

* Refactored version of check for CWE 560 that work on several architectures. Added first unit tests for the checkers code base

* Fixes some dune warnings.

* Added CWE 560 to CHANGES.md. Fixes another dune warning.

* Requested change: Private module as a wrapper for unit tests

[tests] build test cases with Makefile; install cross compilers depending on Ubuntu version; commented out three broken acceptance tests

[Refactoring] Improves code quality of acceptance tests: use self.assertEqual instead of plain asserts

Initial version of type inference. It is still very rudimentary at the moment since it just tracks pointer but it's a very solid start! 

* Initial commit of cwe_checker emulation feature using bap primus under the hood.

* Fixed some Core issues with Maps and Hashtbls

* Moved plugins to their own folders as expected by BAP.

* Added .merlin since everybody likes merlin

* Further improvements in the build process

* Commented cwe_checker_emulation plugin

* cwe_checker_emulation detects double frees with the help of Primus.

* Refactoring of cwe_checker_emulation, extracted incident reporting to
module Incident_reporter.

* Added test cases for cwe125, cwe416, and modified cwe415.

* Now reporting use-after-free correctly

* Adjusted README

* Adjusted CHANGES.md.

* Added spaces to content codacy.

* Adjusted build process for emulation plugin

* fixed emulation recipe

* Reports out-out-bounds read/writes, events are not reported multiple times now.

* Adds tests for cwe-415 and cwe-416. Arritifical examples for cwe-125 and cwe-787

* Travis aware emulation tests.

* Fixed acceptance tests.

* Initial version of Type inference