Prepare release of stable version v0.6 (#335)
Enkelmann authored Jun 10, 2022
1 parent 60c2332 commit 5621a04
Showing 8 changed files with 25 additions and 20 deletions.
7 changes: 6 additions & 1 deletion CHANGES.md
@@ -1,4 +1,4 @@
0.6-dev
0.6 (2022-06)
====

- Add support for analysis of bare-metal binaries (PR #203)
@@ -14,6 +14,11 @@
- Update cwe_checker_to_ida script (PRs #279, #281)
- New installer script that can search for the Ghidra installation path for you (PR #278)
- Refactor handling of caller stacks in PointerInference analysis (PR #287)
- Project struct refactorings (PRs #291, #301, #324)
- New improved implementation of CWE-416 Use-After-Free check (PRs #311, #318, #328)
- New improved implementation of CWE-119 Buffer Overflow check (PRs #315, #326, #328, #333)
- Use information on non-returning functions in CFG generation (PR #319)
- Handle stack manipulation based on stack alignment for x86 (PRs #317, #323)

0.5 (2021-07)
====
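Review bot: the 0.6 list has no entry for raising the minimum supported Ghidra version from 9.2 to 10.1.2, which the README change in this same commit makes; a bumped hard dependency is exactly what users scan the changelog for before upgrading, so add a line such as `- Raise minimum supported Ghidra version to 10.1.2` next to the installer-script entry (PR #278).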
4 changes: 2 additions & 2 deletions Cargo.lock

20 changes: 10 additions & 10 deletions README.md
@@ -9,14 +9,15 @@
[![Documentation](https://img.shields.io/badge/doc-stable-green.svg)](https://fkie-cad.github.io/cwe_checker/index.html)

## What is cwe_checker? ##
cwe_checker is a suite of checks to detect common bug classes such as use of dangerous functions and simple integer overflows.
cwe_checker is a suite of checks to detect common bug classes such as Null pointer dereferences and buffer overflows.
These bug classes are formally known as [Common Weakness Enumerations](https://cwe.mitre.org/) (CWEs).
Its main goal is to aid analysts to quickly find vulnerable code paths.
The checks are based on a variety of anaylsis techniques ranging from simple heuristics to abstract interpretation-based data-flow analysis.
Its main goal is to aid analysts to quickly find potentially vulnerable code paths.

Its main focus are ELF binaries that are commonly found on Linux and Unix operating systems.
The cwe_checker uses [Ghidra](https://ghidra-sre.org/) to disassemble binaries into one common intermediate representation
and implements its own analyses on this IR.
Hence, the analyses can be run on all CPU architectures that Ghidra can disassemble,
Hence, the analyses can be run on most CPU architectures that Ghidra can disassemble,
which makes the *cwe_checker* a valuable tool for firmware analysis.

The following arguments should convince you to give *cwe_checker* a try:
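Review bot: the added line "The checks are based on a variety of anaylsis techniques ..." misspells "analysis"; since this commit prepares the stable release, the typo should be fixed before tagging so it does not ship in the v0.6 README. The rest of the hunk (softening "vulnerable" to "potentially vulnerable" and "all" to "most CPU architectures") reads fine and matches the parallel change in lib.rs.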
@@ -45,9 +46,10 @@ If you want to build the docker image yourself, just run `docker build -t cwe_ch

The following dependencies must be installed in order to build and install the *cwe_checker* locally:
- [Rust](https://www.rust-lang.org) >= 1.57
- [Ghidra](https://ghidra-sre.org/) >= 9.2
- [Ghidra](https://ghidra-sre.org/) >= 10.1.2

Run `make all GHIDRA_PATH=/path/to/ghidra_folder` (with the correct path to the local Ghidra installation inserted) to compile and install the cwe_checker.
If you omit the `GHIDRA_PATH` argument the installer will search your file system for a local installation of Ghidra.

## Usage ##

@@ -76,8 +78,7 @@ For that one needs to provide a bare metal configuration file via the `--bare-me
An example for such a configuration file can be found at `bare_metal/stm32f407vg.json`
(which was created and tested for an STM32F407VG MCU).

For more information build and read the documentation locally via `make documentation`.
Note that this analysis mode is not yet included in the stable version of the cwe_checker.
For more information take a look at the [online documentation](https://fkie-cad.github.io/cwe_checker/index.html).

## Documentation and Tests ##

@@ -96,17 +97,16 @@ So far the following analyses are implemented:
- [CWE-243](https://cwe.mitre.org/data/definitions/243.html): Creation of chroot Jail Without Changing Working Directory
- [CWE-332](https://cwe.mitre.org/data/definitions/332.html): Insufficient Entropy in PRNG
- [CWE-367](https://cwe.mitre.org/data/definitions/367.html): Time-of-check Time-of-use (TOCTOU) Race Condition
- [CWE-415](https://cwe.mitre.org/data/definitions/415.html): Double Free
- [CWE-416](https://cwe.mitre.org/data/definitions/416.html): Use After Free
- [CWE-416](https://cwe.mitre.org/data/definitions/416.html): Use After Free and its variant [CWE-415](https://cwe.mitre.org/data/definitions/415.html): Double Free
- [CWE-426](https://cwe.mitre.org/data/definitions/426.html): Untrusted Search Path
- [CWE-467](https://cwe.mitre.org/data/definitions/467.html): Use of sizeof() on a Pointer Type
- [CWE-476](https://cwe.mitre.org/data/definitions/476.html): NULL Pointer Dereference
- [CWE-560](https://cwe.mitre.org/data/definitions/560.html): Use of umask() with chmod-style Argument
- [CWE-676](https://cwe.mitre.org/data/definitions/676.html): Use of Potentially Dangerous Function
- [CWE-782](https://cwe.mitre.org/data/definitions/782.html): Exposed IOCTL with Insufficient Access Control

Please note that some of the above analyses are only partially implemented at the moment.
Furthermore, both false positives and false negatives are to be expected due to shortcuts and the nature of static analysis as well as over-approximation.
Please note that both false positives and false negatives are to be expected due to shortcuts and the nature of static analysis as well as over-approximation.
You can find information on the inner workings of each check as well as known reasons for false positives and false negatives on the [check-specific documentation pages](https://fkie-cad.github.io/cwe_checker/doc/html/cwe_checker_lib/checkers/index.html).

## Integration into other tools ##

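Review bot: dropping "some of the above analyses are only partially implemented" strengthens what the README claims about the checkers; unless every listed check is now considered complete, keep a qualifying sentence next to the remaining false-positive/false-negative caveat rather than removing it outright. Also, "and its variant CWE-415" in the merged list entry describes a relationship between the two CWE entries; if the intent is that the CWE-416 checker now also reports double frees (as the CHANGES.md entry for the new CWE-416 implementation suggests), say that directly, e.g. "Use After Free (also reports CWE-415: Double Free)".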
4 changes: 2 additions & 2 deletions src/caller/Cargo.toml
@@ -1,7 +1,7 @@
[package]
name = "cwe_checker"
version = "0.6.0-dev"
authors = ["Enkelmann <nils-edvin.enkelmann@fkie.fraunhofer.de>"]
version = "0.6.0"
authors = ["Nils-Edvin Enkelmann <nils-edvin.enkelmann@fkie.fraunhofer.de>"]
edition = "2021"

[dependencies]
2 changes: 1 addition & 1 deletion src/cwe_checker_lib/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "cwe_checker_lib"
version = "0.6.0-dev"
version = "0.6.0"
authors = ["Nils-Edvin Enkelmann <nils-edvin.enkelmann@fkie.fraunhofer.de>"]
edition = "2021"

2 changes: 1 addition & 1 deletion src/cwe_checker_lib/src/checkers/cwe_332.rs
@@ -1,4 +1,4 @@
//! This module implements a check for CWE332: Insufficient Entropy in PRNG.
//! This module implements a check for CWE-332: Insufficient Entropy in PRNG.
//!
//! This can happen, for instance, if the PRNG is not seeded. A classical example
//! would be calling rand without srand. This could lead to predictable random
4 changes: 2 additions & 2 deletions src/cwe_checker_lib/src/lib.rs
@@ -5,12 +5,12 @@ The main library of the cwe_checker containing all CWE checks and analysis modul
The cwe_checker is a tool for finding common bug classes on binaries using static analysis.
These bug classes are formally known as [Common Weakness Enumerations](https://cwe.mitre.org/) (CWEs).
Its main goal is to aid analysts to quickly find vulnerable code paths.
Its main goal is to aid analysts to quickly find potentially vulnerable code paths.
Currently its main focus are ELF binaries that are commonly found on Linux and Unix operating systems.
The cwe_checker uses [Ghidra](https://ghidra-sre.org/) to disassemble binaries into one common intermediate representation
and implements its own analyses on this IR.
Hence, the analyses can be run on all CPU architectures that Ghidra can disassemble,
Hence, the analyses can be run on most CPU architectures that Ghidra can disassemble,
which makes the *cwe_checker* a valuable tool for firmware analysis.
# Usage
2 changes: 1 addition & 1 deletion test/Cargo.toml
@@ -1,7 +1,7 @@
[package]
name = "acceptance_tests_ghidra"
version = "0.1.0"
authors = ["Enkelmann <nils-edvin.enkelmann@fkie.fraunhofer.de>"]
authors = ["Nils-Edvin Enkelmann <nils-edvin.enkelmann@fkie.fraunhofer.de>"]
edition = "2021"

[dependencies]