- 13 Jan, 2020 1 commit
Added acceptance tests for more CPU-architectures. Added acceptance tests for PE-files for x86. Melvin Klimke authored
 
- 10 Jan, 2020 1 commit
Enkelmann authored
 
- 20 Dec, 2019 1 commit
Enkelmann authored
 
- 06 Dec, 2019 1 commit
prepare v0.3 release Enkelmann authored
 
- 04 Dec, 2019 1 commit
Added cwe_checker executable allowing shorter command line calls Melvin Klimke authored
 
- 26 Nov, 2019 1 commit
This PR fixes two minor bugs and adds a workaround for the address computation of Ghidra, which sometimes adds an offset and sometimes not. There seems to be no function in the Ghidra API that can be used to tell the plugin when this happens and when not. Enkelmann authored
 
- 25 Nov, 2019 1 commit
This PR adds a plugin for annotating the results of the cwe_checker in Ghidra. Enkelmann authored
 
- 11 Sep, 2019 1 commit
adds check_path flag to cwe_checker for finding paths from user input functions to CWE hits. Thomas Barabosch authored
 
- 05 Sep, 2019 1 commit
This also fixes a bug in nested_exp_list, causing Load instructions to be added twice instead of once. Gabriel Scherer authored
 
- 21 Aug, 2019 1 commit
* added links to online documentation, added black hat slides
* add spaces for codacy

Enkelmann authored
 
- 02 Aug, 2019 1 commit
Enkelmann authored
 
- 31 Jul, 2019 1 commit
This fixes issue #34 Thomas Barabosch authored
 
- 30 Jul, 2019 1 commit
* Fixed some stuff mentioned in review; added flag --no-logging to suppress logging to STDOUT;
* Changes.md

Thomas Barabosch authored
 
- 29 Jul, 2019 1 commit
* Added feature to compile test cases with more than one compiler. Added clang as first examples. Fixed test cases to work with gcc
* Added acceptance tests for clang x64, adjusted Travis scripts (now runs also unittests), install_cross_compilers installs also clang.
* Skips test for cwe415, which is broken on clang + Ubuntu 16.04
* Added feature to compile test cases with more than one compiler. Added clang as first examples. Fixed test cases to work with gcc
* Added acceptance tests for clang x64, adjusted Travis scripts (now runs also unittests), install_cross_compilers installs also clang.
* Skips test for cwe415, which is broken on clang + Ubuntu 16.04
* Added change to CHANGES.md
* Fixed test issue: test for json output was pre-compiler suffix.

Thomas Barabosch authored
 
- 24 Jul, 2019 1 commit
* Removes old version of log_utils, prototypes for new version.
* Implemented native logging
* Json-Output basically working.
* Added acceptance test for JSON parsing
* Adds some odoc to log_utils.
* Added support for file output (--cwe-checker-out)
* Add acceptance test for file output

Thomas Barabosch authored
 
- 19 Jul, 2019 1 commit
Thomas Barabosch authored
 
- 18 Jul, 2019 1 commit
* Added more documentation to checks
* Corrected typo in opam files
* Added documentation command to makefile
* updated documentation build command in Readme.md
* Fixed some documentation typos
* rand without srand is always treated as an anti-pattern.
* delete generated documentation on "make clean"

Enkelmann authored
 
- 04 Jul, 2019 3 commits
* This commit improves the cwe_checker_to_ida tool. First, it fixes issue #24. Second, it introduces some unit tests for cwe_checker_to_ida. Third, cwe_checker_to_ida parses newer cwe checks like cwe415 or cwe787. Fourth, updated description of cwe_checker_to_ida in README.md. Thomas Barabosch authored
- 
Thomas Barabosch authored
- 
Thomas Barabosch authored
 
- 26 Jun, 2019 1 commit
* corrected dune linter warnings
* Adjusted maintainer
* Added SCons to dependency list, added CONTRIBUTORS.md
* Set release date of v0.2
* added some spaces
* Pack the core library into the same opam package
* Fix Codacy Issues

Enkelmann authored
 
- 25 Jun, 2019 1 commit
Enkelmann authored
 
- 19 Jun, 2019 1 commit
* Initial version of CWE560 check
* CWE560 identifies calls to umask, missing the check of the umask calls.
* Initial version of CWE560 check
* CWE560 identifies calls to umask, missing the check of the umask calls.
* [cwe560] works for x64, fix function check_umask_call to detect on other arches
* Initial version of CWE560 check
* CWE560 identifies calls to umask, missing the check of the umask calls.
* Initial version of CWE560 check
* [cwe560] works for x64, fix function check_umask_call to detect on other arches
* Now working on the other architectures
* Refactored version of check for CWE 560 that works on several architectures. Added first unit tests for the checkers code base
* Fixes some dune warnings.
* Added CWE 560 to CHANGES.md. Fixes another dune warning.
* Requested change: Private module as a wrapper for unit tests

Thomas Barabosch authored
 
- 18 Jun, 2019 1 commit
Enkelmann authored
 
- 17 Jun, 2019 1 commit
This ensures that cwe_checker is deployable with opam. Enkelmann authored
 
- 14 Jun, 2019 6 commits
Thomas Barabosch authored
- 
Thomas Barabosch authored
- 
Thomas Barabosch authored
- 
[tests] build test cases with Makefile; install cross compilers depending on Ubuntu version; commented out three broken acceptance tests Thomas Barabosch authored
- 
[Refactoring] Improves code quality of acceptance tests: use self.assertEqual instead of plain asserts Thomas Barabosch authored
- 
Initial version of type inference. It is still very rudimentary at the moment since it just tracks pointers but it's a very solid start! Enkelmann authored
 
- 16 Apr, 2019 4 commits
Thomas Barabosch authored
- 
Thomas Barabosch authored
- 
* Added pre-commit hook for ocp-indent
* Test for one file

Thomas Barabosch authored
- 
* Initial commit of cwe_checker emulation feature using bap primus under the hood.
* Fixed some Core issues with Maps and Hashtbls
* Moved plugins to their own folders as expected by BAP.
* Added .merlin since everybody likes merlin
* Further improvements in the build process
* Commented cwe_checker_emulation plugin
* cwe_checker_emulation detects double frees with the help of Primus.
* Refactoring of cwe_checker_emulation, extracted incident reporting to module Incident_reporter.
* Added test cases for cwe125, cwe416, and modified cwe415.
* Now reporting use-after-free correctly
* Adjusted README
* Adjusted CHANGES.md.
* Added spaces to content codacy.
* Adjusted build process for emulation plugin
* fixed emulation recipe
* Reports out-of-bounds read/writes, events are not reported multiple times now.
* Adds tests for cwe-415 and cwe-416. Artificial examples for cwe-125 and cwe-787
* Travis aware emulation tests.
* Fixed acceptance tests.

Thomas Barabosch authored
 
- 15 Apr, 2019 5 commits
Thomas Barabosch authored
- 
Thomas Barabosch authored
- 
Thomas Barabosch authored
- 
Thomas Barabosch authored
- 
Thomas Barabosch authored
 